RESOLVED INVALID221953
Mobile iOS Safari cannot establish secure connection 
https://bugs.webkit.org/show_bug.cgi?id=221953
Summary Mobile iOS Safari cannot establish secure connection
timocov
Reported 2021-02-16 02:20:18 PST
1. Open https://demo_feed.tradingview.com in mobile Safari with latest iOS (I use iPad, but able to reproduce on iPhone as well) => It says "Safari cannot open the page because it could not establish a secure connection to the server." But SSL certificate is valid and seems fit all requirements (like for short-term certificates). If you open it on desktop browser, you'll see the page (Firefox, Chrome and even Safari work fine). Furthermore, if you open https://demo-feed-data.tradingview.com it opens this page fine even this domain is pointed to the exactly the same server and machine.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2021-02-16 17:03:26 PST
Thank you for the report! I reproduced the same in Safari on Mac too, but only on first load. For what it's worth, I noticed an error about 825 day validity policy in system log when opening this page, which is probably about <https://support.apple.com/en-us/HT210176>. In any case, TLS code is in system frameworks below WebKit, so someone from Apple will need to take a look. Could you please report this to Apple via https://feedbackassistant.apple.com ?
timocov
Comment 2 2021-02-16 23:14:01 PST
> which is probably about <https://support.apple.com/en-us/HT210176>. I cannot tell you for sure right now, but afaik the previous certificate was issues before 2019 (it was 3 years long and ended in Jan 2021), but the page says about 825 days "Additionally, all TLS server certificates issued after July 1, 2019". The new certificate is valid less than 1 year I believe and should be valid but this policy. Also, I should say that we have a lot of other domains which were with this certificate and we were able to open them without any issue. This is made this bug really weird. > In any case, TLS code is in system frameworks below WebKit Also, I tried to curl these domains on my iPad and it said that no issues were found with certificate and it easily connect to the server without any SSL issues. Are there some layers between Safari and Webkit but not system? > so someone from Apple will need to take a look. Could you please report this to Apple via https://feedbackassistant.apple.com ? Yes, I already did that several months ago, but still no response or fixes. I contacted https://twitter.com/othermaciej several days ago with that and he suggested me to open this issue here so you can route to the proper team if not you. So what's the best way to handle this?
Alexey Proskuryakov
Comment 3 2021-02-17 10:22:15 PST
curl is likely implementing its own TLS, not using system frameworks (so do Chrome and Firefox). If you post the feedback ID here, I can check what's going on (but will not say anything), because I care about Safari being able to open webpages.
timocov
Comment 4 2021-02-17 11:29:02 PST
Sure, here it is FB8829787. Thanks!
Alexey Proskuryakov
Comment 5 2021-02-17 15:07:25 PST
Thank you. For other Apple employees, see rdar://problem/70721372.
Note You need to log in before you can comment on or make changes to this bug.