I have an app that connects to Apache server with SNI enabled to support several Virtualhosts
In iOS 7.1.1 and older iOs versions the connection fails with this visible error in Apache (when in debug mode):
Apache-Error: [file "ssl_engine_kernel.c"] [line 512] [level 7] Changed client verification type will force renegotiation
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/ssl/ssl_engine_kernel.c"] [line 542] [level 6] Non-default virtual host with SSLVerify set to 'require' and VirtualHost-specific CA certificate list is only available to clients with TLS server name indication (SNI) support
it works instead when SNI is disabled in Apache, the correct virtualhost is the default or iOS version >= 8 is used.
The question is: Is in iOS SNI ON by default? It looks like yes on iOS >= 8.0 and no in <8.
If it is not on by default in old iOS versions (is what looks like), anyone knows how to force SNI sending?
Thanks in advance
Related
I'm running a rest api on Dokku platform. Recently I discovered that Android <5 doesn't support tls 1.1 and 1.2, so I was wondering if I could enable 1.0 on my host (default cert enabled only 1.2).
You'll need to get a certificate from an authority that supports lower than TLS 1.2, though I believe that is a requirement for GDPR.
Question:
Is it compulsory to setup Application Center with SSL cert (e.g. startssl.com) when downloading iOS app?
What have I tried:
1st Try:
1) I didn't configure SSL cert and try to download the ios app using http and https link. (http://xxx.xxx.xxx.xxx:9080/applicationcenter/installers.html and https://xxx.xxx.xxx.xxx:9443/applicationcenter/installers.html)
2) Major setting in mfp server.xml,
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<httpEndpoint id="defaultHttpEndpoint” host="*" httpPort="9080” httpsPort="9443" >
<keyStore id="defaultKeyStore" password="worklight" />
Result/Issue
Http:
Https:
2nd Try:
1) Import .p12 generated in startssl.com
2) And follow this guide to setup the necessary configuration: http://www.ibm.com/support/knowledgecenter/en/SSHS8R_7.1.0/com.ibm.worklight.installconfig.doc/appcenter/t_ac_ssl_lib.html
Result/Issue
Couldn't connect to the https server after configuring server.xml and restarting the mfp server
For iOS, TLS 1.2 is required on the server, yes.
See here: http://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html
You can configure the Application Center with SSL or without SSL, unless you intend to install applications on iOS devices. For iOS applications, you must configure the Application Center server with SSL and enable the TLS v1.2 protocol.
I had set up charles to intercept proxy http traffic and now, trying to intercept https traffic. I am using charles 3.11.2 and device with iOS 9.2. I have installed charles root proxy on the system and also installed on the iOS device. I have enabled ssl interception for all pages with wild card "*". When I go to safari and hit a secure webpage, I get There was a problem communicating with the secure web proxy server(HTTPS).
In my charles window, I get the error, SSL: Unrecognized SSL message, plaintext connection? and notes stating Exhausted available SSL/TLS protocols, trying with everything enabled.
Is there any thing which I am misssing?
Make sure Charles is running with an up-to-date JVM. I had this same issue and the problem was I had JAVA_HOME set to a Java 6 JRE. Updating the environment to use Java 8 fixed the issue.
Refer the answer here: Cannot see iOS simulator traffic with charles proxy
Ensure that ATS is present for debug builds as commented in the shared thread
I have a standalone (EXE) DataSnap server written in Delphi XE6 which I've secured with an SSL certificate using the OpenSSL DLLs. When I test the connection to the server I can see that it supports TLS v1.0. I now need to ensure the server can support TLS v1.2 (e.g. to support connections from iOS9 apps). However I can't see how to enable this. I've made the Windows registry changes to the (Windows 2008R2) server to enable TLS v1.2 but I guess this only affects IIS apps.
Can anybody show me how to enable TLS v1.2 within the Windows OpenSSL DLLs? I'm using version 1.0.2d of the DLLs. Or is there something within the DataSnap server component properties that needs to be changed?
In iOS 8.1 we are getting random SSL errors.
There is no issue at the sever and it seems like iOS device issue. AWS support has checked the SSL configuration and the certificate in server, but didn't find any issue.
Error message is this - "An SSL error has occurred and a secure connection to the server cannot be made. (NSURLErrorDomain:-1200)". We are using NSURLConnection to make network connections.
Many of our users started getting this error recently and all were in in iOS 8.1. Is this a known bug?
I have exactly the same issue with iOS8.1 user on my website
on the server side, i have this error :
No hostname was provided via SNI for a name based virtual host
it seems that iOS8.1 doesn't support very well SNI.
The workaround is to configure your webserver tp accept client that doesn't support SNI and set the virtualhost and certificate you want "no SNI client" to be show by default for any all SSL virtualhosts
In apache you have to add :
NameVirtualHost *.443 #before the first SSL virtualhost which will have the default certificate.
SSLStrictSNIVHostCheck off # in this default virtualhost.
Sorry for my english (i'm french) and hope it will help