@paulofierro
Created October 1, 2015 20:25
Apple Transport Security Diagnostics on Amazon S3
You can test ATS diagnostics in Mac OS X El Capitan by running:
nscurl --ats-diagnostics -v https://s3.amazonaws.com
Here is the log:
================================================================================
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://s3.amazonaws.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fe15b804f40 [0x7fff7507e890]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<SecCertificate 0x7fe159f297c0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159f104a0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159f14100 [0x7fff7507e890]>"
), NSUnderlyingError=0x7fe15bb00e30 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fe15b804f40 [0x7fff7507e890]>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x7fe159f297c0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159f104a0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159f14100 [0x7fff7507e890]>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://s3.amazonaws.com/, NSErrorFailingURLStringKey=https://s3.amazonaws.com/, NSErrorClientCertificateStateKey=0}
---
================================================================================
Allowing Arbitrary Loads
---
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
Result : PASS
---
================================================================================
Configuring TLS exceptions for s3.amazonaws.com
---
TLSv1.2
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fe159fba7d0 [0x7fff7507e890]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<SecCertificate 0x7fe159fb98e0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159fb9c20 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159fb9f60 [0x7fff7507e890]>"
), NSUnderlyingError=0x7fe15ba00fe0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fe159fba7d0 [0x7fff7507e890]>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x7fe159fb98e0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159fb9c20 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159fb9f60 [0x7fff7507e890]>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://s3.amazonaws.com/, NSErrorFailingURLStringKey=https://s3.amazonaws.com/, NSErrorClientCertificateStateKey=0}
---
---
TLSv1.1
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fe159d27e20 [0x7fff7507e890]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<SecCertificate 0x7fe159d26ff0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159d26570 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159d27530 [0x7fff7507e890]>"
), NSUnderlyingError=0x7fe159c0e4f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fe159d27e20 [0x7fff7507e890]>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x7fe159d26ff0 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159d26570 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159d27530 [0x7fff7507e890]>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://s3.amazonaws.com/, NSErrorFailingURLStringKey=https://s3.amazonaws.com/, NSErrorClientCertificateStateKey=0}
---
---
TLSv1.0
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fe159e175d0 [0x7fff7507e890]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<SecCertificate 0x7fe159e15420 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159e15660 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159e158a0 [0x7fff7507e890]>"
), NSUnderlyingError=0x7fe159f516f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fe159e175d0 [0x7fff7507e890]>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x7fe159e15420 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159e15660 [0x7fff7507e890]>",
"<SecCertificate 0x7fe159e158a0 [0x7fff7507e890]>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://s3.amazonaws.com/, NSErrorFailingURLStringKey=https://s3.amazonaws.com/, NSErrorClientCertificateStateKey=0}
---
================================================================================
Configuring PFS exceptions for s3.amazonaws.com
---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159d26440 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
================================================================================
Configuring PFS exceptions and allowing insecure HTTP for s3.amazonaws.com
---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe15b81d350 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
================================================================================
Configuring TLS exceptions with PFS disabled for s3.amazonaws.com
---
TLSv1.2 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159e16060 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
---
TLSv1.1 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159e17380 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
---
TLSv1.0 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159f99b40 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
================================================================================
Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for s3.amazonaws.com
---
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159d34240 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
---
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159e1c470 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
---
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fe159e20360 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---
================================================================================
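Reading a log like the one above by hand means scanning dozens of near-identical blocks. The script below is an added example, not code from the gist or from nscurl: it parses the block format nscurl prints (name line, "ATS Dictionary:", the dictionary body, "Result :", optional "Error :"), ranks the passing configurations by how much of ATS they switch off, and reports failures whose failing URL is on a host the exception domain does not cover. That last check is what the log above shows for every s3.amazonaws.com exception: the Error lines name http://aws.amazon.com/s3/ as the failing URL, so the exception for s3.amazonaws.com never applied to the request that failed. SAMPLE_LOG is constructed from the log format above with the banners, pointer addresses and most UserInfo trimmed, and, unlike the real run (where only "Allow All Loads" passes), it lets the TLSv1.1 exception pass so the ranking has two candidates. The permissiveness weights are this example's own assumption, not an Apple scale.

```python
"""Summarise an `nscurl --ats-diagnostics` log. Added example, not the gist's
code: it ranks the passing ATS configurations by how much of ATS they turn off
and flags failures whose failing URL lies outside the exception domain.
SAMPLE_LOG is constructed from the log format above (section banners,
addresses and most UserInfo trimmed); unlike the gist's real run it lets the
TLSv1.1 exception pass so the ranking has two candidates."""
import re
from urllib.parse import urlparse

SAMPLE_LOG = """\
---
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
Result : PASS
---
TLSv1.1
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
};
};
}
Result : PASS
---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
NSExceptionDomains = {
"s3.amazonaws.com" = {
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://aws.amazon.com/s3/, NSErrorFailingURLKey=http://aws.amazon.com/s3/}
---
"""

# One test: name line, "ATS Dictionary:", body, Result line, optional Error line.
TEST_RE = re.compile(
    r"^(?P<name>[^\n]+)\nATS Dictionary:\n(?P<body>.*?)\n"
    r"Result : (?P<result>\w+)\n(?P<error>Error :[^\n]*)?",
    re.M | re.S,
)
KEY_RE = re.compile(r'(NS\w+) = "?([^";]+)"?;')  # flat `key = value;` pairs
DOMAIN_RE = re.compile(r'"([^"]+)" = \{')        # NSExceptionDomains entries
FAILING_URL_RE = re.compile(r"NSErrorFailingURLKey=([^,}\s]+)")

# Weights are this example's own assumption, not an Apple scale: higher means
# the setting removes more of ATS's protection.
WEIGHTS = {
    ("NSAllowsArbitraryLoads", "true"): 100,
    ("NSExceptionAllowsInsecureHTTPLoads", "true"): 10,
    ("NSExceptionRequiresForwardSecrecy", "false"): 3,
    ("NSExceptionMinimumTLSVersion", "TLSv1.0"): 2,
    ("NSExceptionMinimumTLSVersion", "TLSv1.1"): 1,
}

def parse_ats_diagnostics(text):
    """One dict per test: name, (key, value) pairs, exception domains, result, error."""
    tests = []
    for m in TEST_RE.finditer(text):
        body = m.group("body")
        tests.append({
            "name": m.group("name").strip(),
            "keys": KEY_RE.findall(body),
            "domains": DOMAIN_RE.findall(body),
            "result": m.group("result"),
            "error": m.group("error") or "",
        })
    return tests

def permissiveness(test):
    return sum(WEIGHTS.get(kv, 0) for kv in test["keys"])

def least_permissive_pass(tests):
    """Name of the passing configuration that gives away the least, or None."""
    passing = [t for t in tests if t["result"] == "PASS"]
    return min(passing, key=permissiveness)["name"] if passing else None

def uncovered_failures(tests):
    """(name, host) for FAILs whose failing URL is on a host the exception
    domains do not cover; the gist's log shows this after a redirect."""
    out = []
    for t in tests:
        m = FAILING_URL_RE.search(t["error"])
        if t["result"] == "FAIL" and m and t["domains"]:
            host = urlparse(m.group(1)).hostname
            if host not in t["domains"]:
                out.append((t["name"], host))
    return out

if __name__ == "__main__":
    tests = parse_ats_diagnostics(SAMPLE_LOG)
    print(least_permissive_pass(tests), uncovered_failures(tests))
```

Pipe a real run through it with `nscurl --ats-diagnostics -v https://host | python3 ats_summary.py` after replacing SAMPLE_LOG with `sys.stdin.read()`; on the gist's log the least permissive PASS is "Allow All Loads" and every exception-domain failure is reported against aws.amazon.com, which is the point the first comment below makes about needing a broader exception.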
@yothomas

yothomas commented Oct 6, 2015

I get slightly more useful results by running:
nscurl --ats-diagnostics -v https://aws.amazon.com

At least some of the tests pass with that.

At the end of the day, even the settings that it suggests aren't enough, though. I have to add in an additional NSIncludesSubdomains = true in order to cover all the URL requests AWS makes.

@opanco

opanco commented Feb 19, 2018

@yothomas Though it's 3 years later, would you mind sharing the additional NSIncludesSubdomains = true change that you made to harden the connection to AWS?
