Troubleshoot MSAL for iOS and macOS TLS/SSL issues

This article provides information to help you troubleshoot issues that you may come across while using the Microsoft Authentication Library (MSAL) for iOS and macOS.

Network issues

Error -1200: "An SSL error has occurred and a secure connection to the server can't be made."

This error means that the connection isn't secure. It occurs when a certificate is invalid. For more information, including which server is failing the TLS check, refer to NSURLErrorFailingURLErrorKey in the userInfo dictionary of the error object.

This error is from Apple's networking library. A full list of NSURL error codes is in NSURLError.h in the macOS and iOS SDKs. For more details about this error, see URL Loading System Error Codes.
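One way to pull the failing server out of the error object, as an added example that is not part of the original article or of MSAL: it goes slightly beyond -1200 by also matching the neighbouring certificate codes from NSURLError.h, and it reports only the host. The names findTLSFailure and tlsFailureSummary, the ExampleWrapperDomain wrapper, and the login.example.test URL are assumptions made for illustration; whether your error arrives wrapped in another error is also an assumption, and the walk handles both cases.

```swift
import Foundation

// NSURLError.h codes that indicate a TLS or certificate failure.
let tlsErrorCodes: Set<Int> = [
    NSURLErrorSecureConnectionFailed,           // -1200
    NSURLErrorServerCertificateHasBadDate,      // -1201
    NSURLErrorServerCertificateUntrusted,       // -1202
    NSURLErrorServerCertificateHasUnknownRoot,  // -1203
    NSURLErrorServerCertificateNotYetValid,     // -1204
]

/// Walks the error and its NSUnderlyingErrorKey chain and returns the first
/// NSURLErrorDomain TLS error together with the URL that failed the check.
func findTLSFailure(in error: Error) -> (code: Int, failingURL: URL?)? {
    var current: NSError? = error as NSError
    var depth = 0
    while let err = current, depth < 8 {        // bound the walk defensively
        if err.domain == NSURLErrorDomain, tlsErrorCodes.contains(err.code) {
            var url = err.userInfo[NSURLErrorFailingURLErrorKey] as? URL
            if url == nil, let s = err.userInfo[NSURLErrorFailingURLStringErrorKey] as? String {
                url = URL(string: s)
            }
            return (err.code, url)
        }
        current = err.userInfo[NSUnderlyingErrorKey] as? NSError
        depth += 1
    }
    return nil
}

/// Log-safe summary: host only, because the full URL of an authentication
/// request can carry query parameters that should not reach logs.
func tlsFailureSummary(for error: Error) -> String? {
    guard let failure = findTLSFailure(in: error) else { return nil }
    let host = failure.failingURL?.host ?? "<unknown host>"
    return "TLS failure \(failure.code) while connecting to \(host)"
}

// Constructed sample: a hypothetical wrapper error around an NSURLError -1200.
let inner = NSError(domain: NSURLErrorDomain, code: NSURLErrorSecureConnectionFailed,
                    userInfo: [NSURLErrorFailingURLErrorKey: URL(string: "https://login.example.test/authorize?state=abc")!])
let outer = NSError(domain: "ExampleWrapperDomain", code: 1,
                    userInfo: [NSUnderlyingErrorKey: inner])
print(tlsFailureSummary(for: outer) ?? "not a TLS failure")
```

If the reported host is not one your authentication flow is expected to contact, suspect interception on the network path, such as a captive portal, before suspecting the identity provider's certificate.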

Certificate issues

If the URL providing an invalid certificate connects to the server that you intend to use as part of the authentication flow, a good start to diagnosing the problem is to test the URL with an SSL validation service such as SSL Server Test. It tests the server against a wide array of scenarios and browsers and checks for many known vulnerabilities.

By default, Apple's new App Transport Security (ATS) feature applies more stringent security policies to apps that use TLS/SSL certificates. Some operating systems and web browsers have started enforcing some of these policies by default. For security reasons, we recommend that you don't disable ATS.

Certificates using SHA-1 hashes have known vulnerabilities. Most modern web browsers don't allow certificates with SHA-1 hashes.

Captive portals

A captive portal presents a web page to a user when they first access a Wi-Fi network and haven't yet been granted access to that network. It intercepts their internet traffic until the user satisfies the requirements of the portal. Until the user connects through the portal, network errors are expected because the user can't connect to network resources.

Next steps

Learn about captive portals and Apple's new App Transport Security (ATS) feature.