We have Sync Gateway configured for HTTPS and we have the iOS code using the NSURLSession-based handler which should get us TLS 1.2.
I should have mentioned sooner we are doing cookie-based authentication in case that makes a difference.
One of our developers discovered that if we use SetCookie with the Secure parameter set to false we no longer see the WebSocketSharp.doHandshake() exception in our app’s log, but we still see the TLS handshake errors in the Sync Gateway log (coming from our app). Is this bad to have SetCookie use “Secure = false” despite pointing to an HTTPS endpoint?
A section of the Sync Gateway log output can be seen here:
Note there is one changes feed set to “normal” and then others are “websocket”.