Bug 221953 - Mobile iOS Safari cannot establish secure connection
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: Safari 14
Hardware: iPhone / iPad iOS 14
Importance: P2 Normal
Assignee: Nobody
URL: https://demo_feed.tradingview.com
Reported: 2021-02-16 02:20 PST by timocov
Modified: 2021-02-17 15:07 PST
Description timocov 2021-02-16 02:20:18 PST
1. Open https://demo_feed.tradingview.com in mobile Safari with the latest iOS (I use an iPad, but I am able to reproduce it on iPhone as well)

=> It says "Safari cannot open the page because it could not establish a secure connection to the server."

But the SSL certificate is valid and seems to fit all requirements (like for short-term certificates). If you open it in a desktop browser, you'll see the page (Firefox, Chrome and even Safari work fine).

Furthermore, if you open https://demo-feed-data.tradingview.com it opens this page fine, even though this domain is pointed to exactly the same server and machine.
Comment 1 Alexey Proskuryakov 2021-02-16 17:03:26 PST
Thank you for the report! I reproduced the same in Safari on Mac too, but only on first load.

For what it's worth, I noticed an error about the 825-day validity policy in the system log when opening this page, which is probably about <https://support.apple.com/en-us/HT210176>.

In any case, TLS code is in system frameworks below WebKit, so someone from Apple will need to take a look. Could you please report this to Apple via https://feedbackassistant.apple.com ?
Comment 2 timocov 2021-02-16 23:14:01 PST
> which is probably about <https://support.apple.com/en-us/HT210176>.

I cannot tell you for sure right now, but afaik the previous certificate was issued before 2019 (it was 3 years long and ended in Jan 2021), but the page says about 825 days "Additionally, all TLS server certificates issued after July 1, 2019". The new certificate is valid for less than 1 year I believe and should be valid by this policy. Also, I should say that we have a lot of other domains which were with this certificate and we were able to open them without any issue. This makes this bug really weird.

> In any case, TLS code is in system frameworks below WebKit

Also, I tried to curl these domains on my iPad and it said that no issues were found with the certificate, and it easily connected to the server without any SSL issues. Are there some layers between Safari and WebKit but not system?

> so someone from Apple will need to take a look. Could you please report this to Apple via https://feedbackassistant.apple.com ?

Yes, I already did that several months ago, but there is still no response or fix. I contacted https://twitter.com/othermaciej several days ago about that and he suggested that I open this issue here so you can route it to the proper team if it is not yours. So what's the best way to handle this?
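An added example, not part of the bug thread and not WebKit or Apple code: the validity-period reasoning from comments 1 and 2 (825-day limit, applying to certificates issued after July 1, 2019) written as a check over a dict shaped like Python's `ssl.SSLSocket.getpeercert()` output. The function name and the sample certificates are constructed, and treating `notBefore` as the issuance date is an assumption.

```python
import ssl
from datetime import date, datetime, timezone

# Values quoted in the thread: 825-day limit, applying to TLS server
# certificates issued after July 1, 2019.
MAX_VALIDITY_DAYS = 825
POLICY_DATE = date(2019, 7, 1)


def _parse(ts):
    # getpeercert() dates look like "Jan 15 00:00:00 2021 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), tz=timezone.utc)


def check_validity_policy(cert):
    """Return (verdict, detail) for a dict shaped like SSLSocket.getpeercert()."""
    try:
        not_before = _parse(cert["notBefore"])
        not_after = _parse(cert["notAfter"])
    except (KeyError, TypeError, ValueError) as exc:
        return "unknown", f"cannot read validity dates: {exc!r}"
    if not_after <= not_before:
        return "invalid", "notAfter is not later than notBefore"
    days = (not_after - not_before).days
    # Assumption: notBefore stands in for the issuance date.
    if not_before.date() <= POLICY_DATE:
        return "exempt", f"issued {not_before:%Y-%m-%d}, validity {days} days"
    if days > MAX_VALIDITY_DAYS:
        return "violates", f"{days} days exceeds {MAX_VALIDITY_DAYS}"
    return "ok", f"{days} days is within {MAX_VALIDITY_DAYS}"


# Constructed sample certificates (not taken from the reported site).
SAMPLES = {
    "3-year, issued 2018": {"notBefore": "Jan 15 00:00:00 2018 GMT",
                            "notAfter": "Jan 15 00:00:00 2021 GMT"},
    "3-year, issued Aug 2019": {"notBefore": "Aug  1 00:00:00 2019 GMT",
                                "notAfter": "Aug  1 00:00:00 2022 GMT"},
    "under 1 year, issued 2021": {"notBefore": "Jan 10 00:00:00 2021 GMT",
                                  "notAfter": "Dec 10 00:00:00 2021 GMT"},
    "dates missing": {"subject": ()},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name}: {check_validity_policy(cert)}")
```

A verdict of "ok" or "exempt" here only rules out the validity-period rule as the cause; it says nothing about other checks the system TLS stack applies.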
Comment 3 Alexey Proskuryakov 2021-02-17 10:22:15 PST
curl is likely implementing its own TLS, not using system frameworks (so do Chrome and Firefox).

If you post the feedback ID here, I can check what's going on (but will not say anything), because I care about Safari being able to open webpages.
Comment 4 timocov 2021-02-17 11:29:02 PST
Sure, here it is: FB8829787. Thanks!
Comment 5 Alexey Proskuryakov 2021-02-17 15:07:25 PST
Thank you. For other Apple employees, see rdar://problem/70721372.