Safari iOS 26.5.2: first navigation fails during HTTP/3 0-RTT; reload succeeds (FB23764937)

Has anyone else observed intermittent first-navigation failures in Safari on iOS 26 when HTTP/3 0-RTT resumption is available?

Environment:

  • iPhone 16 Pro, iOS 26.5.2 (23F84), Mobile Safari
  • Wi-Fi with native IPv6
  • Cloudflare-proxied HTTPS hostname
  • Normal browsing, not Private Browsing
  • Reproduced almost daily on the first visit; an immediate reload succeeds

Safari shows its native “cannot open the page because the server cannot be reached” page. The origin is healthy and neither the origin nor Cloudflare HTTP/security analytics records a corresponding HTTP failure.

We captured the iPhone network interface over USB and compared a failed navigation with the successful reload.

Failed navigation:

  • DNS A, AAAA and HTTPS/SVCB answers completed normally.
  • The HTTPS record advertised h3 and h2 with IPv4 and IPv6 hints.
  • MobileSafari/WebKit opened several QUIC connections across the available IPv4 and IPv6 endpoints.
  • Nearly all sent QUIC Initial packets plus 0-RTT application data.
  • The edge replied promptly with Initial, Handshake and protected packets on both address families.
  • Several flows did not settle and the edge retransmitted repeatedly.
  • Safari also established a TCP/TLS fallback and received data, but still declared the navigation failed.

Successful reload:

  • One IPv4 QUIC connection.
  • Full handshake, without 0-RTT.
  • Normal bidirectional protected traffic and the page loaded.

Control tests:

  • Another proxied hostname succeeded with a full HTTP/3 handshake and no 0-RTT.
  • A direct, non-proxied hostname succeeded over IPv6/TLS.
  • HTTP/3 requests from the same Safari version otherwise received normal 200/204/302/304 responses.

This looks like a CFNetwork/Network.framework/libquic session-resumption or connection-racing recovery issue rather than a WebKit rendering or origin-server problem. The encrypted capture does not let us determine whether the early data was accepted or rejected by the edge.

Feedback filed: FB23764937.

Important reproduction note: 0-RTT has now been disabled on the affected production zone while HTTP/3 remains enabled. Therefore that hostname can no longer reproduce the original 0-RTT path. This is an intentional mitigation; it will not be re-enabled on production solely for testing.

Questions:

  1. Has anyone seen the same first-load failure followed by a successful reload on iOS 26?
  2. Is there a recommended way to collect CFNetwork/libquic diagnostics for a failure that occurs before an HTTP response exists?
  3. Should Safari replay the navigation after 0-RTT rejection or use the already-successful TCP/TLS fallback in this situation?

A raw packet capture is available to Apple through the private Feedback report on request, but is not posted publicly because it contains client network identifiers.Has anyone else observed intermittent first-navigation failures in Safari on iOS 26 when HTTP/3 0-RTT resumption is available?

Environment:

  • iPhone 16 Pro, iOS 26.5.2 (23F84), Mobile Safari
  • Wi-Fi with native IPv6
  • Cloudflare-proxied HTTPS hostname
  • Normal browsing, not Private Browsing
  • Reproduced almost daily on the first visit; an immediate reload succeeds

Safari shows its native “cannot open the page because the server cannot be reached” page. The origin is healthy and neither the origin nor Cloudflare HTTP/security analytics records a corresponding HTTP failure.

We captured the iPhone network interface over USB and compared a failed navigation with the successful reload.

Failed navigation:

  • DNS A, AAAA and HTTPS/SVCB answers completed normally.
  • The HTTPS record advertised h3 and h2 with IPv4 and IPv6 hints.
  • MobileSafari/WebKit opened several QUIC connections across the available IPv4 and IPv6 endpoints.
  • Nearly all sent QUIC Initial packets plus 0-RTT application data.
  • The edge replied promptly with Initial, Handshake and protected packets on both address families.
  • Several flows did not settle and the edge retransmitted repeatedly.
  • Safari also established a TCP/TLS fallback and received data, but still declared the navigation failed.

Successful reload:

  • One IPv4 QUIC connection.
  • Full handshake, without 0-RTT.
  • Normal bidirectional protected traffic and the page loaded.

Control tests:

  • Another proxied hostname succeeded with a full HTTP/3 handshake and no 0-RTT.
  • A direct, non-proxied hostname succeeded over IPv6/TLS.
  • HTTP/3 requests from the same Safari version otherwise received normal 200/204/302/304 responses.

This looks like a CFNetwork/Network.framework/libquic session-resumption or connection-racing recovery issue rather than a WebKit rendering or origin-server problem. The encrypted capture does not let us determine whether the early data was accepted or rejected by the edge.

Feedback filed: FB23764937.

Important reproduction note: 0-RTT has now been disabled on the affected production zone while HTTP/3 remains enabled. Therefore that hostname can no longer reproduce the original 0-RTT path. This is an intentional mitigation; it will not be re-enabled on production solely for testing.

Questions:

  1. Has anyone seen the same first-load failure followed by a successful reload on iOS 26?
  2. Is there a recommended way to collect CFNetwork/libquic diagnostics for a failure that occurs before an HTTP response exists?
  3. Should Safari replay the navigation after 0-RTT rejection or use the already-successful TCP/TLS fallback in this situation?

A raw packet capture is available to Apple through the private Feedback report on request, but is not posted publicly because it contains client network identifiers.

Update after Cloudflare investigation

Cloudflare inspected the edge around the exact UTC timestamp. They confirmed that the failed navigation produced no HTTP request or CF-Ray because it ended during the QUIC handshake/early-data phase. Their edge was responding normally on IPv4 and IPv6.

Cloudflare says this matches a known client-side Safari/iOS QUIC session-resumption and connection-racing pattern seen in other cases: a cold navigation attempts 0-RTT, raced QUIC and TCP paths do not converge, then an immediate reload succeeds with a full handshake and no 0-RTT. They do not consider this an edge rejection.

Their recommended mitigation is our current configuration: HTTP/3 enabled, 0-RTT disabled. The production hostname therefore cannot reproduce the original 0-RTT path anymore.

For a definitive future trace they would need a stable client IP, exact UTC timestamp, PCAP with edge IPv4/IPv6 and colo, plus Safari com.apple.network:quic os_log. We have the client IP, timestamp, PCAP and edge addresses. Paris (CDG) is inferred from surrounding successful traffic; the failed handshake itself has no CF-Ray, so its colo cannot be proven from an HTTP log. We do not have the Apple QUIC os_log from the original failure.

If the symptom recurs with 0-RTT disabled, we will capture both a new PCAP and Apple QUIC logs.

Private Apple Feedback FB23764937 has been updated with the full findings.Update after Cloudflare investigation

Cloudflare inspected the edge around the exact UTC timestamp. They confirmed that the failed navigation produced no HTTP request or CF-Ray because it ended during the QUIC handshake/early-data phase. Their edge was responding normally on IPv4 and IPv6.

Cloudflare says this matches a known client-side Safari/iOS QUIC session-resumption and connection-racing pattern seen in other cases: a cold navigation attempts 0-RTT, raced QUIC and TCP paths do not converge, then an immediate reload succeeds with a full handshake and no 0-RTT. They do not consider this an edge rejection.

Their recommended mitigation is our current configuration: HTTP/3 enabled, 0-RTT disabled. The production hostname therefore cannot reproduce the original 0-RTT path anymore.

For a definitive future trace they would need a stable client IP, exact UTC timestamp, PCAP with edge IPv4/IPv6 and colo, plus Safari com.apple.network:quic os_log. We have the client IP, timestamp, PCAP and edge addresses. Paris (CDG) is inferred from surrounding successful traffic; the failed handshake itself has no CF-Ray, so its colo cannot be proven from an HTTP log. We do not have the Apple QUIC os_log from the original failure.

If the symptom recurs with 0-RTT disabled, we will capture both a new PCAP and Apple QUIC logs.

Private Apple Feedback FB23764937 has been updated with the full findings.

Definitive client-side QUIC logs captured

We reproduced the failure again on 2026-07-15, this time with Apple Network/CFNetwork logging enabled and a full iPhone sysdiagnose collected immediately afterwards.

Failed navigation (12:51:18.718–12:51:19.504 UTC):

  • Mobile Safari requested https://famille.apgl.fr/ and then /login.
  • com.apple.WebKit.Networking attempted multiple Cloudflare IPv4 and IPv6 endpoints.
  • BoringSSL reported resumed(1), offered_ticket(1), in_early_data(1), early_data_accepted(0), ALPN h3.
  • The QUIC trace contains Initial packets followed by 0-RTT application data.
  • WebKit repeatedly logged “Connection refused” in quic_conn_state_initial_sent / quic_conn_state_handshake, “Early data: yes”, and TLS security error 61.
  • The cellular fallback path was requested but WebKit logged “no path found for pdp_ip0”.
  • The navigation ended with NSURLErrorDomain -1004 / NSPOSIXErrorDomain 61: “server cannot be reached”.

Successful reload (12:52:26.122 UTC):

  • A fresh QUIC connection was established in 39.978 ms.
  • BoringSSL reported resumed(0), offered_ticket(0), in_early_data(0), ALPN h3.
  • The main HTTP/3 request returned 200 and the page loaded successfully.
  • The successful request reached Cloudflare CDG.

An important additional finding is that Cloudflare 0-RTT had already been disabled almost three hours before this reproduction. Safari still used a previously cached session ticket and sent 0-RTT, which the edge did not accept. The immediate reload no longer offered a ticket and succeeded. Therefore disabling 0-RTT does not immediately protect clients that still hold previously issued tickets; it may only become fully effective after those tickets are discarded or expire.

This directly matches Cloudflare’s description of a known Safari/WebKit QUIC session-resumption / connection-racing behavior. Private Feedback FB23764937 now contains the exact timestamps, edge endpoints, QUIC states and error codes. The complete sysdiagnose will be attached privately and will not be posted publicly.Definitive client-side QUIC logs captured

We reproduced the failure again on 2026-07-15, this time with Apple Network/CFNetwork logging enabled and a full iPhone sysdiagnose collected immediately afterwards.

Failed navigation (12:51:18.718–12:51:19.504 UTC):

  • Mobile Safari requested https://famille.apgl.fr/ and then /login.
  • com.apple.WebKit.Networking attempted multiple Cloudflare IPv4 and IPv6 endpoints.
  • BoringSSL reported resumed(1), offered_ticket(1), in_early_data(1), early_data_accepted(0), ALPN h3.
  • The QUIC trace contains Initial packets followed by 0-RTT application data.
  • WebKit repeatedly logged “Connection refused” in quic_conn_state_initial_sent / quic_conn_state_handshake, “Early data: yes”, and TLS security error 61.
  • The cellular fallback path was requested but WebKit logged “no path found for pdp_ip0”.
  • The navigation ended with NSURLErrorDomain -1004 / NSPOSIXErrorDomain 61: “server cannot be reached”.

Successful reload (12:52:26.122 UTC):

  • A fresh QUIC connection was established in 39.978 ms.
  • BoringSSL reported resumed(0), offered_ticket(0), in_early_data(0), ALPN h3.
  • The main HTTP/3 request returned 200 and the page loaded successfully.
  • The successful request reached Cloudflare CDG.

An important additional finding is that Cloudflare 0-RTT had already been disabled almost three hours before this reproduction. Safari still used a previously cached session ticket and sent 0-RTT, which the edge did not accept. The immediate reload no longer offered a ticket and succeeded. Therefore disabling 0-RTT does not immediately protect clients that still hold previously issued tickets; it may only become fully effective after those tickets are discarded or expire.

This directly matches Cloudflare’s description of a known Safari/WebKit QUIC session-resumption / connection-racing behavior. Private Feedback FB23764937 now contains the exact timestamps, edge endpoints, QUIC states and error codes. The complete sysdiagnose will be attached privately and will not be posted publicly.

Thanks for your post, I see you filed a complete bug for your description and got routed to a team to review.

Please give time to engineering to review all that information.

You can see the status of your feedback in Feedback Assistant. There, you can track if the report is still being investigated, has a potential identifiable fix, or has been resolved in another way. The status appears beside the label "Resolution." We're unable to share any updates on specific reports on the forums.

For more details on when you'll see updates to your report, please see What to expect after submission.

Albert  WWDR

Safari iOS 26.5.2: first navigation fails during HTTP/3 0-RTT; reload succeeds (FB23764937)
 
 
Q