Hi,
I asked the same question in now archived thread below (sorry I cannot reply to it since it is archived).
eskimo1 answered with some good guidelines to get memory dumps of the activity and analyze the packets going out and coming in, and so we did. Here are our findings from looking at the packets.
As a fact, our server supports only TLS1.2 and we don't use any third party libraries as HTTP connection frameworks, only Apple's NSURLConnection.
1. For successful requests going back and forth between server and iOS client, we always see iOS using TLS1.2.
2. If there is a network problem (slow connectivity, connection lost while processing, etc.), again iOS uses only TLS1.2.
3. When this particular issue occurs (while doing the certificate pinning), iOS sends the requests on TLS1.2 a few times and then suddenly downgrades itself to TLS1.0 and tries to establish a connection with the backend. Hence, the server responds with the certificate pinning failure error I mentioned in the original thread.
As a summary,
- We don't see this in other use cases, only in certificate pinning.
- When tested with other HTTP clients such as Android, we never see it either.
- Cannot reproduce this issue in any iOS versions other than iOS 8.0 and above.
Could this be an issue in iOS 8? If so, is it going to be fixed with 9.0?
Thanks
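To confirm a downgrade like the one reported above from a packet capture, here is an added example (not from the original post and not Apple's code) that reads the client_version field out of raw TLS ClientHello records and flags the first point in a flow where the advertised version drops below what the client had already sent. The records it runs on are constructed inline (the cipher suite bytes are a placeholder), not captured traffic.

```python
import struct

# Names for the (major, minor) version pairs seen in TLS handshakes.
TLS_VERSIONS = {(3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2", (3, 4): "TLS1.3"}


def make_client_hello(major: int, minor: int) -> bytes:
    """Build a minimal ClientHello record (constructed test data, not a real capture)."""
    body = bytes([major, minor]) + b"\x00" * 32 + b"\x00"  # client_version, random, empty session id
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"               # one cipher suite, null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record-layer version is usually 3.1 for compatibility; it is not the negotiated version.
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def client_hello_version(record: bytes) -> tuple:
    """Return the client_version (major, minor) advertised inside a ClientHello record."""
    if len(record) < 11:
        raise ValueError("record too short for a ClientHello")
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    if record[5] != 0x01:  # handshake header: type (1 byte) + length (3 bytes)
        raise ValueError("handshake message is not a ClientHello")
    return (record[9], record[10])  # client_version follows the handshake header


def version_name(version: tuple) -> str:
    return TLS_VERSIONS.get(version, "unknown(%d.%d)" % version)


def detect_downgrade(records):
    """Walk ClientHello records in capture order and return (index, highest_seen,
    downgraded_to) for the first hello advertising a version lower than one already
    seen in the flow, or None when every hello keeps the same or a higher version."""
    highest = None
    for index, record in enumerate(records):
        version = client_hello_version(record)
        if highest is not None and version < highest:
            return (index, version_name(highest), version_name(version))
        highest = version if highest is None else max(highest, version)
    return None


if __name__ == "__main__":
    # Constructed flow mirroring the report: three TLS1.2 hellos, then one at TLS1.0.
    flow = [make_client_hello(3, 3)] * 3 + [make_client_hello(3, 1)]
    print(detect_downgrade(flow))  # (3, 'TLS1.2', 'TLS1.0')
```

On a real capture, feed the ClientHello records of one client-to-server flow in order; the handshake client_version is the field to watch, since the record-layer version stays at 3.1 for many clients regardless of what they negotiate.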