URLConnection Troubles

Hey all,

I’m having trouble making a URL connection to a site using an API that I’ve been using with them for years. My code hasn’t changed. The API hasn’t changed. The site hasn’t changed. And it works on Windows. But of course Apple with their puritanical hyper-scared need for security is not working. This is the error I get:

An SSL error has occurred and a secure connection to the server cannot be made.

OK. So what is needed to get around this. Like I said - it works just fine on Windows.

How do I make this work in MacOS? What new hoops do I have to jump through. No, my app is not sandboxed. It is not and will not be a store app.

URLConnection on macOS is required to be https (ie http gives this error), UNLESS you add a plist entry to allow a specific (or wildcard) domain for the app.

The URL is htttps. That is part of my frustration.

It would be really helpful if you could post a url.

Here’s some code and the resulting UR:

Dim gcurl As String = kgcURLStart+"api/account/login"


kgcURLStart is a constant that is:


So the total string is:


API documentation is available here:

Well, I’ve worked around this by adding the plist entry to allow insecure arbitrary site connections. For some reason it wouldn’t work when I specified the global cache site. Maybe I needed to add the port number.

But now it’s working. I would still like to understand why it fails when I have the https in place in the URL. I’d rather have it be secure. What I don’t know is this something in Xojo that is broken or is it a problem with the website I am accessing?

I don’t think Xojo broke anything here, URLConnection sits atop system APIs. That’s why it would work on one system but not the other. If it were Xojo at fault, it wouldn’t work on either.

Does your system actually trust the certificate? That’s where I’d start looking.

Apple is becoming increasingly restricitve.

BTW, they say prefer NSExceptionDomains instead of global ones like NSAllowsArbitraryLoads

I’ve never done anything in terms of trusting or not trusting the certificate from the site. And I’ve tried this on both my Macs. I’ve got access to one that isn’t mine so I can try it there and see.

Yeah, I know but I couldn’t it to work using the NSExceptionDomains key. And my app isn’t going in the store so it doesn’t matter…


As a data point, the code you posted works here. I get a response about an internal server error, so the URLConnection is successfully making its SSL connection.

macOS 11.6.8
Xojo 2022r2


Hmm…Strange why it doesn’t work for me. Wonder if I have a certificate or something store in inCloud that is mucking this all up…

Although you are not on OS X Monterey.

It used to work for me…

If you are getting this as an Error event with an exception, what is the exception error number? That could provide more information about what specifically the SSL error is.


Well shoot, “NSURLErrorSecureConnectionFailed” that’s not helpful :sweat_smile:

1 Like

Nope! And I’m trying on another Mac right now that I have access to but which is not on my iCloud account. And nope. Same thing. Connection doesn’t happen.

I think it’s something in Monterey.

This is why I questioned if it was something broken in Xojo. Did Monterey add some sort of requirement for secure URLConnections that Xojo mangled or missed?

This Apple Developer post suggests accessing the NSUnderlyingErrorKey to find out what caused the error. MBS has NSURLConnectionMBS which could help.

Looks like that MBS Class is deprecated. I’ll try the NSURLSessionMBS class…

iOS 9.0 or macOS 10.11

ATS uses the NSAllowsArbitraryLoads value that you set, or NO by default, and ignores the other global exceptions.

iOS 10.0 or later or macOS 10.12 or later

ATS ignores the NSAllowsArbitraryLoads value that you set and instead obeys the other more specific keys.