Spike in SSL handshake failures since iOS9 rollout

Fri, 18 Sep 2015 09:41:24 -0700 

Hi All,

Our app speaks a custom protocol over TCP+TLS to our servers. Since
9/16 afternoon, we have seen a significant increase in connection
errors from our app. We see connections being disconnected by the
client after socket establishment and before SSL can proceed.
Server-side tcpdump captures show that the client hangs up the
connection after the KEY EXCHANGE message is sent by the server.
However, the client's FIN doesn't even acknowledge that data. A sample
trace is copied below.

Our app is not built for iOS9 so we don't think any of the ATS
restrictions apply. We use GCDAsyncSocket to manage the socket on the
client. Since we can't reproduce it internally, this it is hard to
track down. Any idea what might be going on?

Thanks!
Imran

08:51:07.695986 IP client.4363 > server.443: Flags [S], seq 674087096,
win 65535, options [mss 1412,nop,wscale 5,nop,nop,TS val 447761077 ecr
0,sackOK,eol], length 0
08:51:07.696013 IP server.443 > client.4363: Flags [S.], seq
100047594, ack 674087097, win 7040, options [mss 1420,sackOK,TS val
3404908346 ecr 447761077,nop,wscale 10], length 0
08:51:07.890743 IP client.4363 > server.443: Flags [.], ack 1, win
4112, options [nop,nop,TS val 447761270 ecr 3404908346], length 0
08:51:07.892974 IP client.4363 > server.443: Flags [P.], seq 1:181,
ack 1, win 4112, options [nop,nop,TS val 447761273 ecr 3404908346],
length 180
08:51:07.892988 IP server.443 > client.4363: Flags [.], ack 181, win
8, options [nop,nop,TS val 3404908395 ecr 447761273], length 0
08:51:07.894623 IP server.443 > client.4363: Flags [.], seq 1:2801,
ack 181, win 8, options [nop,nop,TS val 3404908396 ecr 447761273],
length 2800
08:51:07.894637 IP server.443 > client.4363: Flags [P.], seq
2801:2959, ack 181, win 8, options [nop,nop,TS val 3404908396 ecr
447761273], length 158
08:51:07.902859 IP client.4363 > server.443: Flags [F.], seq 181, ack
1, win 4112, options [nop,nop,TS val 447761282 ecr 3404908346], length
0
08:51:07.902944 IP server.443 > client.4363: Flags [F.], seq 2959, ack
182, win 8, options [nop,nop,TS val 3404908398 ecr 447761282], length
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (Macnetworkprog@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to