iPhone isn't renegotiating SSL when requested

Our networking team has done the investigation on the timeout issue during check deposit. Their findings are as follows:

The iPhone isn't renegotiating SSL when requested, which causes the app to time out
SSL handshake is completed initially
Followed by a Hello Request when the app tries to POST to the URI

In the large image size iOS application, the Hello Request is ignored and no Client Hello is sent.
With the testing of the small image size iOS application, that version replies to the Hello Request with a Client Hello and Mutual Auth is set up.

Does anyone know what the problem is and where it occurs?

With the testing of the small image size iOS application, that version replies to the Hello Request with a Client Hello and Mutual Auth is set up.

It sounds like you have a reproducible sample of this issue; that is good. Is there anything noticeably different about the sample compared to the original app? You can take a look at this by reviewing a packet trace.

The iPhone isn't renegotiating SSL when requested

Can you tell me more about what you mean by TLS renegotiation? Do you actually mean renegotiation or performing a new TLS handshake?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

We are sending the 1920px size image to the server. The request size is approx. 300K, but in between the app and server there is an F5 firewall that is doing mutual auth (certificate validation), so it blocks the request from reaching the server and we are getting the "Request Timeout Error" in the app.
Similarly, when we are sending the 1200px size image to the server with a request size of approx. 90K, it reaches the server successfully. So, the networking team did the investigation by reviewing a packet trace and said that the iPhone isn't renegotiating SSL when requested, which causes the app to time out.

So, according to the networking team, in the 1920px image request, the Hello Request sent by the F5 is ignored by the app and no Client Hello is sent.
And with the testing of the 1200px image request, it replies to the Hello Request sent by the F5 with a Client Hello and Mutual Auth is set up.

What API are you using to send the network request where client authentication needs to be performed? If you are using NSURLSession, are you seeing the callback for didReceiveChallenge being hit?

<https://developer.apple.com/documentation/foundation/nsurlsessiondelegate/1409308-urlsession?language=objc>


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
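
A session delegate that logs the authentication method of every challenge shows whether a client-certificate challenge, and not only the server-trust one, reaches the app for a given request. This is an added example, not code from the thread; the class name `ChallengeLoggingDelegate` and the way the identity is supplied are assumptions.

```swift
import Foundation
import Security

// Added example: logs each session-level authentication challenge and answers it.
// `clientIdentity` and `clientCertificates` are assumed to be loaded elsewhere
// (for instance from an imported PKCS#12 item); that loading is not shown here.
final class ChallengeLoggingDelegate: NSObject, URLSessionDelegate {
    private let clientIdentity: SecIdentity?
    private let clientCertificates: [SecCertificate]

    init(clientIdentity: SecIdentity?, clientCertificates: [SecCertificate] = []) {
        self.clientIdentity = clientIdentity
        self.clientCertificates = clientCertificates
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // One log line per challenge, so the two request sizes can be compared.
        print("challenge method=\(space.authenticationMethod) host=\(space.host) " +
              "previousFailures=\(challenge.previousFailureCount)")

        switch space.authenticationMethod {
        case NSURLAuthenticationMethodServerTrust:
            // Keep the system's default evaluation of the server chain.
            completionHandler(.performDefaultHandling, nil)

        case NSURLAuthenticationMethodClientCertificate:
            // The server asked for a client certificate (mutual auth).
            guard let identity = clientIdentity else {
                print("client certificate requested but no identity is available")
                completionHandler(.cancelAuthenticationChallenge, nil)
                return
            }
            let credential = URLCredential(identity: identity,
                                           certificates: clientCertificates,
                                           persistence: .forSession)
            completionHandler(.useCredential, credential)

        default:
            completionHandler(.performDefaultHandling, nil)
        }
    }
}
```

Comparing the logged methods for the 1200px and 1920px requests against the packet trace shows whether the client-certificate challenge is delivered in both cases.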

Yes, I am using the URLSession, didReceive challenge is hitting every time and it is evaluating the server certificate.

Yes, I am using the URLSession, didReceive challenge is hitting every time and it is evaluating the server certificate.

Okay, great. When you respond with a URLCredential, is this where the failure occurs?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

No, actually after responding with the URLCredentials, it sends the request to the server and waits for the response but even after 60 secs, it is not getting any response and getting timeout request error.

No, actually after responding with the URLCredentials, it sends the request to the server and waits for the response but even after 60 secs, it is not getting any response and getting timeout request error.

Okay, what do you see happening if you turn your server side logs to a verbose level that would expose negotiation issues?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com