Hi Team, We are trying to set MDM with NETransparentProxyManager to auto-approve the proxy, but it did not work. We have tried the below Apple document for NETransparentProxyManager. https://developer.apple.com/documentation/devicemanagement/vpn/transparentproxy. Attached is the config file. ApplicationProxy.VPN.mobileconfg.txt could you please suggest how to configure NETransparentProxyManager via MDM?

I've followed all the advice on these forums regarding developing network extensions. I'm working on a FilterDataProvider using the SimpleFirewall example project as a starting point. The issue I run into is that the copy of the extension binary that the system manages does not get updated by the system when I copy a new application into the /Applications directory. Here's my workflow: Build and run the application from Xcode. I've added a pre-run action that copies the extension into a /Applications/SysExtDev folder so I don't have to disable SIP. Test & make changes to code Disable & remove the extension in Settings > Network > Filters & Proxies Build and run the application from Xcode. New app binary loads, but the old extension binary loads. I also notice that the app will report that the extension is already registered even when it's not present in the UI in System Settings. And when I enable the extension in the newly launched app, I don't see the full flow of confirmation dialogs, only one indicating that the app wants to filter network content. If I run: ❯ diff /Applications/SysExtDev/SimpleFirewall.app/Contents/Library/SystemExtensions/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension /Library/SystemExtensions/44022C0D-8BBA-4783-8314-83195A516DB5/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension Binary files ... and ... differ it indicates that the binaries are not the same. In order to resolve this issue I usually have to wait around for awhile and/or reboot the machine. I can't find any rhyme or reason to it. I've tried removing the old app from /Applications before building the new copy but that doesn't seem to help either. The way I know things are going to work is, if when I launch and enable the extension, I see the full onboarding flow asking me to open settings and allow under privacy and security. I have tried running $ systemextensionsctl uninstall 2U6G6353D3 com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension but that requires SIP to be disabled. I'm really close to just throwing in the towel and developing with SIP disabled. However, I feel like I must be missing something. Do I need to bump the version every time? Do I need to kill the extension process with launchctl so it can be cleaned up? Do I have to tickle the launch services or sfl db? What am I missing?

Hi, I'm using Multipeer Connectivity in my application and when I run it on my physical device, I receive following warning: NSNetServiceBrowser did not search with error dict [{ NSNetServicesErrorCode = "-72008"; NSNetServicesErrorDomain = 10; }]. I've found out that this is associated with not having proper permissions in info.plist according to https://developer.apple.com/forums/thread/653316 I've set description for Privacy - Local Network Usage Description, however, I'm not able to find any key for setting my Bonjour Services. Also, I do not see any popup on my device displaying request to approve local network usage. Could you please provide me an information how can I register my privileges properly?

Hi, I had a Content Filter network extension. It is successfully working until Sonoma. I try to install and activate same network extension on Sequoia beta Intel Mac. But even I haven't got any user consent to activate and allow it. I haven't found any entry in Network settings. Do we need to make any changes in Sequoia MacOs to make it work? Thank you.

I have the following scenario in my VPN app. When app is configured with split tunneling, the vpn dns nameservers are defined in /etc/resolver/example.com (example.com is the domain to be resolved through tunnel) and secondary vpn dns server is configured as 8.8.8.8 (google public dns server) and primary as 3.92.179.203. With the following configuration the dns request are not routed through the tunnel, when I try to ping example.com it does not use 3.92.179.203. Explicit routes are added in the routing table to route the traffic to 3.92.179.203 via VPN interface. It used to work on older macOS versions 12.6 from 14.4 it seems broken system behaves differently when 8.8.8.8 is defined as a vpn nameserver. DNS requests does not go through tunnel it is resolved outside tunnel. If I use 9.9.9.9 or 1.1.1.1 or anyother nameserver other than 8.8.8.8 then it all works correctly.

I am working on an app which is capturing photos and uploading them to a server. I have followed the URLSession configuration to properly support background transfers. However, I am now noticing that my photos are uploading way slower, even when the user has the app open and is interacting with the app. This is undesirable because the changes need to be reflected in real time to the server when the user is active in the app. Previously, when I was just using URLSession.shared.uploadTask with a completion handler, the photos uploaded right away in a matter of 1-2 seconds. Now it is taking 3-4 minutes per photo to upload. The photos are roughly 3mb in size each. I have tried setting the isDiscretionary property explicitly to false to no avail. Sometimes the users are without internet connection, which is why I wanted to use the background session (so that the uploads can be automatically retried by the system when the user connects back to the internet) So, in summary, I want the functionality of the background uploading (and to let the system retry when the user transitions from offline to online) however I also need realtime uploading when the user is interacting with the app. What is the preferred way to solve this problem?

Our macOS application (running as a LaunchDaemon) has been able to report the current Wi-Fi SSID and BSSID (if connected) using the airport command. Since airport has been removed from macOS, we have not been able to collect BSSID information. First, I demonstrate that the BSSID exists: I can option-click the Wi-Fi status menu icon and see the following: Wi-Fi Interface Name: en0 Address: a8:8f:d9:52:10:7d * * * Enable Wi-Fi Logging Create Diagnostics Report... Open Wireless Diagnostics... * * * Known Network polymorphic IP Address: 192.168.86.50 Router: 192.168.86.1 Security: WPA2 Personal BSSID: 88:3d:24:ba:36:81 Channel: 149 (5 GHz, 80 MHZ) Country Code: US RSSI: -60 dBm Noise: -89 dBm Tx Rate: 520 Mbps PHY Mode: 802.11ac MCS Index: 5 NSS: 2 * * * Other Networks * * * Wi-Fi Settings... This says to me that: The WiFi router I am connected to has SSID = polymorphic. The WiFi router I am connected to has BSSID = 88:3d:24:ba:36:81. My computer's Wi-Fi hardware has MAC address = a8:8f:d9:52:10:7d. My computer's Wi-Fi interface name = en0. To get this information now (from within an application), I have attempted to run: /usr/sbin/networksetup -listallhardwareports The output of that command includes the following Hardware Port: Wi-Fi Device: en0 Ethernet Address: a8:8f:d9:52:10:7d To get the SSID, I can then execute: $ /usr/sbin/networksetup -getairportnetwork en0 Current Wi-Fi Network: polymorphic But I still can't get the router's BSSID. So I try $/usr/sbin/networksetup -getinfo 'Wi-Fi' DHCP Configuration IP address: 192.168.86.50 Subnet mask: 255.255.255.0 Router: 192.168.86.1 Client ID: IPv6: Automatic IPv6 IP address: none IPv6 Router: none Wi-Fi ID: a8:8f:d9:52:10:7d Still no new information. $ /usr/sbin/networksetup -getmacaddress en0 Ethernet Address: a8:8f:d9:52:10:7d (Device: en0) This is not helpful either. Let's try another approach: $ /usr/sbin/netstat -nr -f inet | grep ^default default 192.168.86.1 UGScg en0 This tells me that my router's IP address is 192.168.86.1. The arp tool should be able to translate $ /usr/sbin/arp -a -n | grep "(192.168.86.1)" ? (192.168.86.1) at 88:3d:24:ba:36:7f on en0 ifscope [ethernet] This tells me that the router's MAC address is "88:3d:24:ba:36:7f", but it is not the same value as the router's BSSID, which we know to be 88:3d:24:ba:36:81! Another approach. I wrote the following Swift program: import CoreWLAN let c : CWWiFiClient = CWWiFiClient.shared() if let ifs : [CWInterface] = c.interfaces() { for i in ifs { print( i.interfaceName ?? "<nil>", i.powerOn(), i.ssid() ?? "<nil>", i.bssid() ?? "<nil>") } } When executing it with swift, I got: en0 true polymorphic <nil> So for some reason, the CoreWLAN API is hiding the BSSID, but not the SSID. When I use swiftc to compile before executing, I get: en0 true <nil> <nil> Why is the CoreWLAN API now hiding the SSID as well? I even tried an Objective-C program: // Link with: // -framework Foundation // -framework CoreWLAN #include <stdio.h> #include <CoreWLAN/CoreWLAN.h> void printWifi() { NSArray<CWInterface*>* ifs = [[CWWiFiClient sharedWiFiClient] interfaces]; for (CWInterface* i in ifs) { printf("%s %s %s %s\n", [i.interfaceName UTF8String], [i powerOn] ? "true" : "false", [[i ssid] UTF8String], [[i bssid] UTF8String]); } } int main() { printWifi(); return 0; } It prints out: en0 true (null) (null) Based on https://developer.apple.com/forums/thread/131636, I tried // Link with: // -framework Foundation // -framework CoreWLAN // -framework CoreLocation #include <stdio.h> #include <CoreWLAN/CoreWLAN.h> #include <CoreLocation/CoreLocation.h> void printWifi() { NSArray<CWInterface*>* ifs = [[CWWiFiClient sharedWiFiClient] interfaces]; for (CWInterface* i in ifs) { printf("%s %s %s %s\n", [i.interfaceName UTF8String], [i powerOn] ? "true" : "false", [[i ssid] UTF8String], [[i bssid] UTF8String]); } } CLLocationManager* startCoreLocation() { CLLocationManager* mgr = [[CLLocationManager alloc] init]; [mgr requestAlwaysAuthorization]; [mgr startUpdatingLocation]; return mgr; } int main() { CLLocationManager* locMgr = startCoreLocation(); printWifi(); return 0; } That change did not seem to make a difference. After more work, I found that I can not even figure out CLLocationManager authorization. So I attempted to create a minimal program that can get that: https://github.com/HalCanary/location. I am not sure how to proceed here. What is wrong with my location code? Will our application need to get the com.apple.security.personal-information.location entitlement in order to get the BSSID?

Hi, I'm responsible for extending my company's Firewall application with MacOS support. The easiest and fastest way requires a simple API similar to netmap/nfq in Unix/Linux systems or NDIS/WinDivert in Windows platform where All network traffic passing NIC's or WiFi adapter should beforwarded to our FW application, FW application should process the raw packets with its own connection tracking mechanism, modify them if needed, generate new ones if needed, FW application should inject forwarded or new packets to continue their ways. In other words, the required API should stand between NIC/WiFi driver and networking stack and allow packet manipulation. My questions follow: I can't decide on which method to focus further, throughout three alternatives; kext - It can satisfy the requirements, but deprecated, difficult to progress and have no guarantee to be applicable in future versions of MacOS, am I right ? networkingdriverkit - It can satisfy the requirements, am I right ? networkextension - can it satisfy the requirements? Also there is a serious performance problem as mentioned in https://developer.apple.com/forums/thread/757071. Can anyone help me to decide on the most proper method for? Thanks.

Hi, I'm using network extension on my VPN app. I'm override the sleep method and send some data to my server when the method call. I noticed that the server requests are succeeded when I'm connecting with a WiFi networks and failed when I'm connecting with cellular networks. Does the OS blocks immediately the connectivity when I'm on the cellular networks and the device enter to sleep?

Using NWBrowser and NWListener I'm trying to send a small package of data from the listener/server to the device. However the device never receives the actual bytes. It either: gets stuck the preparing state the connection gets reset the data is null and is marked as isComplete = true The only way I can get the device to receive the data is by calling cancel on the NWConnection on the server/NWListener end. Here is some sample code I am working with: https://github.com/leogdion/JustBonjour/tree/nwlistener Is this expected behavior that cancel is required?

So for context I am building an app where the Apple Watch establishes a WatchConnectivity session with the parent iPhone app and streams audio data from the watch Mic to the iPhone for processing on Deepgram to perform STT. This works very well, unless I tilt my wrist and the display goes to sleep. What I find strange is that due to the mic being in use on my watch, the app is still showing on the always on display and is still trying to send the audio data to my phone in the background (which is perfect!) but the iPhone does not seem to be responding. So my watch code is: private func sendData(_ data: Data) { let dict: [String: Any] = ["audioData": data] session.sendMessage(dict, replyHandler: nil, errorHandler: { error in print("Failed to send data: \(error.localizedDescription)") }) } and my Xcode logs Failed to send data: WatchConnectivity session on paired device is not reachable. So the watch is still running the process but because session.isReachable is false the audio data is not sent which it should be! Is there any way to keep the connection established and data sharing when the display dims?

When using Network framework, is it possible to set NWProtocolTLS behave like TLS Server or Client? In CFNetwork there is a kCFStreamSSLIsServer key which I could not find the same thing in Network. I currently try to implement something like STARTTLS, both client and server side, after connection and some message, the client will behave like a TLS SERVER, and the connection in server(NWListener) will behave like a TLS CLIENT. That's why i need to set something like kCFStreamSSLIsServer In Swift-NIO, this can be easily implemented by adding a NIOSSLClientHandler or NIOSSLServerHandler Below it's what I got currently based on another post in community // main.swift import Foundation import Network let params = NWParameters.tcp let framer = STARTTLSFramer.options() params.defaultProtocolStack.applicationProtocols = [framer] let connection = NWConnection( host: .ipv4(IPv4Address("127.0.0.1")!), port: .init(integerLiteral: 8089), using: params) connection.stateUpdateHandler = { newState in print("connection newState \(newState)") } connection.start(queue: .main) RunLoop.main.run() // STARTLSFramer.swift import Foundation import Network final class STARTTLSFramer: NWProtocolFramerImplementation { static let label: String = "STARTTLSFramer" init(framer: NWProtocolFramer.Instance) {} func handleOutput( framer instance: NWProtocolFramer.Instance, message: NWProtocolFramer.Message, messageLength: Int, isComplete: Bool ) { fatalError() } func wakeup(framer instance: NWProtocolFramer.Instance) { fatalError() } func stop(framer instance: NWProtocolFramer.Instance) -> Bool { true } func cleanup(framer instance: NWProtocolFramer.Instance) {} func start(framer instance: NWProtocolFramer.Instance) -> NWProtocolFramer.StartResult { instance.writeOutput(data: Data("hello\n".utf8)) return .willMarkReady } private var accumulated = Data() func doUpgrade(instance: NWProtocolFramer.Instance) { let tlsOptions = NWProtocolTLS.Options() sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv12) // load identity let secIdentity = createSecIdentity()! let identity = sec_identity_create(secIdentity) sec_protocol_options_set_local_identity(tlsOptions.securityProtocolOptions, identity!) try! instance.prependApplicationProtocol(options: tlsOptions) instance.passThroughOutput() instance.passThroughInput() instance.markReady() } func handleInput(framer instance: NWProtocolFramer.Instance) -> Int { repeat { let success = instance.parseInput(minimumIncompleteLength: 1, maximumLength: 2048) { buffer, _ in let count = buffer?.count ?? 0 if let buffer { accumulated.append(contentsOf: buffer) } return count } if !success { break } } while true // some validation self.accumulated.removeAll() self.doUpgrade(instance: instance) return 0 } static func options() -> NWProtocolFramer.Options { let startTLSDef = NWProtocolFramer.Definition(implementation: STARTTLSFramer.self) let result = NWProtocolFramer.Options(definition: startTLSDef) return result } }

I want to extend an existing macOS app distributed through the Mac App Store with the capability to track the Wi-Fi's noise and signal strength along with the SSID it is connected to over time. Using CWWiFiClient.shared().interface(), I can get noiseMeasurement() and rssiValue() fine, but ssid() always returns nil. I am assuming this is a privacy issue (?). Are there specific entitlements I can request or ways to prompt the user to grant the app privilege to access the SSID values?

We have a product which uses a Network Extension (a socket filter and a packet content filter). The application contains the network extension, as well as an un-sandboxed LaunchDaemon which connects to the service at the NEMachServiceName. Occasionally, usually after an upgrade where the system extension is swapped for the new version, our un-sandboxed process isn't able to contact the network extension. From the logging, we receive the following XPC error (libxpc.dylib) [com.apple.xpc:connection] [0x7fd6d0307f40] failed to do a bootstrap look-up: xpc_error=[3: No such process] in the unsandboxed process. Eventually, we receive an invalidated callback on the XPC connection with the error Couldn’t communicate with a helper application.. We have confirmed that an appropriate service is running via the launchctl command, and the network extension process appears to have initialised correctly. We don't see any indication of a received connection at the Network Extension process however (probably not surprising given the error). Once a system enters this state, repeated attempts to connect are unsuccessful and continue to produce the same error. We've also confirmed that there are no XPC codec exceptions apparent that might cause the connection to fail. I'm at a bit of a loss to explain why this failure might be occurring, other than a problem in the bootstrap/launchd being able to find the appropriate service. Is there possibly some problem with unsandboxed processes accessing the sandboxed network extension via XPC? They are both provisioned in an app group together. Is there possibly some issue where attempting to connect at a critical point during network extension installation causes it to become inaccessible? We've observed this specifically on macOS 14.5 (23F79), however this is something we've noticed on other versions of macOS and our code. The problem isn't systematic, and systems end up in this state only occasionally. We do seem to find some customers have more instances of this problems than others, but we haven't been successful at teasing out any common thread that might explain why.

How to expose NTLM token using URLSession in swift iOS? If it is not possible using URLSession, do we have any another way to expose it?

I am using NWconnection to force some requests to go through cellular data. Everything works fine, except I keep calling connection.receive and don't know when the transfer is complete. // Setting up the connection: let tcpOptions = NWProtocolTCP.Options() let parameters = NWParameters(tls: .init(), tcp: tcpOptions) parameters.requiredInterfaceType = .cellular port = port ?? NWEndpoint.Port(443) // ... NWConnection(to: .hostPort(host: NWEndpoint.Host(host),port: port), using: parameters) // Receiving data once the connection is ready func receive(withConnection connection: NWConnection, completion: @escaping dataCompletion) { connection.receive(minimumIncompleteLength: 1, maximumLength: Int.max) { [self] data, contentContext, isComplete, error in if let data = data { receivedData.append(data) print(contentContext) if isComplete || error != nil || connection.state != .ready { cancelConnection(connection) } else { processor?.receive(withConnection: connection, completion: completion) } } else { cancelConnection(connection) } } } I am consuming regular HTTP endpoints. The data in receive comes in chunks but isComplete parameter never becomes true, so I don't know when to stop and send the complete receivedData back. I've thought of adding a timeout, but it seems kind of hacky. Is there a better solution?

I'm trying to get the ASK Sample to discover and connect to a device using a 16-bit uuid. In my case, I have a few fitness sensors laying around like heart rate monitors and cycling sensors. Specifically, I've configured the following descriptor to be shown in the picker: private static let heartRateMonitor: ASPickerDisplayItem = { let descriptor = ASDiscoveryDescriptor() descriptor.bluetoothServiceUUID = CBUUID(string: "180D") return ASPickerDisplayItem(name: "Heart Rate Monitor", productImage: UIImage(named: "PolarH10")!, descriptor: descriptor) }() 100% another app on the device using an unfiltered scan can find this device, so I know the phone can see it. Also, the settings app Bluetooth screen sees it too. When the picker is active for this descriptor, in console I see the device is being discovered and it is matching the underlying filter. However the picker doesn't show the device. Received 'start active Unspecified scan' request , without duplicates, duration:unlimited, UUIDs [ E56A082E-C49B-47CA-A2AB-389127B8ABE3 E56A082E-C49B-47CA-A2AB-389127B8ABE4 0x180D ] on 1M PHY from session "com.apple.deviceaccessd-central-727-198" Matched UUID 0x180D for device "D3030A85-BBB9-6C0D-53C4-6697898B2E4B" This is an apparent bug: FB14078940 - AccessorySetupKit: ASDiscoveryDescriptor does not appear to identify 16-bit UUIDs like the Heart Rate Service/Profile UUID After more tinkering, I did discover that if I connect the device in the settings app, and keep it connected, the picker will find the device immediately. I assume it is under the hood it is calling this function or the internal implementation: https://developer.apple.com/documentation/corebluetooth/cbcentralmanager/retrieveconnectedperipherals(withservices:) This is still not expected, a developer should be able to discover and connect an accessory directly in their app. Noteworthy, I also found that ALL apps in the Settings app list the accessory once paired, which is totally not expected: FB14170263 - Settings: Viewing accessories in settings app for all apps show the accessory paired with another application P.S. forum moderators, there is no tag for 'AccessorySetupKit' which is the technology I'd like to tag this with. Last tested with iOS 18 developer beta 2.

Title: Loss of Internet Connectivity on iOS Device When Packet Tunnel Crashes Feedback ticket: https://feedbackassistant.apple.com/feedback/14162605 Product: iPhone 12 Version: iOS - 17.5.1 Configuration: NETunnelProviderManager Configuration Description: We are developing an iOS VPN client and have configured our packet tunnel provider according to Apple's guidelines. The configuration is as follows: includeAllNetworks = YES excludeLocalNetworks = NO enforceRoutes = NO This setup works as expected when the VPN successfully connects. However, we encounter a blocker issue where the device loses internet connectivity if the packet tunnel crashes. Steps to Reproduce: Configure the NETunnelProviderManager with the above settings. Connect the VPN, which successfully establishes a connection. Verify that resources are accessible and internet connectivity is functional. Packet tunnel to crash unexpectedly.Observe that the NE process (Packet Tunnel) restarts automatically, as expected and attempts to reconnect the VPN; however, the device now lacks internet connectivity, preventing VPN reconnection. Try accessing resources using Safari or any other internet-dependent app, resulting in an error indicating the device is not connected to the internet. Actual Results: The device loses internet connectivity after the packet tunnel crashes and fails to regain it automatically, preventing the VPN from reconnecting. Expected Results: The device should maintain internet connectivity or recover connectivity to allow the VPN to reconnect successfully after the packet tunnel process restarts. Workaround - iPhone device needs a restart to regain internet connectivity .

We have observed for a few months that the Instruments tool in Xcode does not show correct memory allocation for the PacketTunnelProvider process on iOS 17. The memory allocation does not exceed 6-7 MB, which is not the case with iOS 16 or 15. Additionally, Instruments crashes the PacketTunnelProvider process after profiling for a few minutes. Please note that I am not running Xcode in debugger mode for the PacketTunnelProvider process along with instruments, as this is a known issue that causes the PacketTunnelProvider to be killed when both Instruments and the Xcode debugger are running. Is anyone else facing this issue and have a workaround?

Hi All: Our use NSURLSession dataTaskWithRequest to connect our https server, However, in one macOS, sometimes, we encounter these error when TLS handshake. default 2024-06-24 17:52:03.054447 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_server_certificate info 2024-06-24 17:52:03.054462 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054552 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054557 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054590 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] default 2024-06-24 17:52:03.054769 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_certificate_status default 2024-06-24 17:52:03.054773 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client verify_server_certificate default 2024-06-24 17:52:03.055123 +0900 test-app boringssl_context_evaluate_trust_async(1635) [C1209.1.1:2][0x7f9067117b10] Performing external trust evaluation default 2024-06-24 17:52:03.055308 +0900 test-app boringssl_context_evaluate_trust_async_external(1620) [C1209.1.1:2][0x7f9067117b10] Asyncing for external verify block info 2024-06-24 17:52:03.055316 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: certificate evaluation result pending [16] default 2024-06-24 17:52:03.055466 +0900 test-app Connection 1209: asked to evaluate TLS Trust default 2024-06-24 17:52:03.056082 +0900 test-app Task <407E11A6-12E8-4818-82B4-BC5B4909130F>.<1405> auth completion disp=1 cred=0x0 default 2024-06-24 17:52:03.064388 +0900 test-app Trust evaluate failure: [leaf SSLHostname TemporalValidity] default 2024-06-24 17:52:03.064390 +0900 test-app System Trust Evaluation yielded status(-9802) error 2024-06-24 17:52:03.064392 +0900 test-app ATS failed system trust error 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: system TLS Trust evaluation failed(-9802) default 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: TLS Trust result -9802 error 2024-06-24 17:52:03.064395 +0900 test-app Connection 1209: TLS Trust encountered error 3:-9802 error 2024-06-24 17:52:03.064397 +0900 test-app Connection 1209: encountered error(3:-9802) default 2024-06-24 17:52:03.064400 +0900 test-app Connection 1209: cleaning up default 2024-06-24 17:52:03.064404 +0900 test-app Connection 1209: summary for unused connection {protocol="(null)", domain_lookup_duration_ms=0, connect_duration_ms=0, secure_connection_duration_ms=0, private_relay=false, idle_duration_ms=0} default 2024-06-24 17:52:03.064438 +0900 test-app [C1209 63DEF1F8-AC5F-4285-B32B-D3AE707C513A Hostname#229f20b3:443 tcp, url hash: 693c58e9, tls, definite, attribution: developer] cancel I found TLS Trust evaluation failed(-9802) this error. I checked server's certificate, it is ok. On this macOS, this issue happens sometimes, not always. Thanks for your feedback.