pkelley Posted June 1, 2022 Posted June 1, 2022 (edited) I have a UD994 running firmware 5.3.1. I have installed a trusted SSL cert from ZeroSSL. My Network configuration looks like this, HTTPS connections are accepted without error from Windows10 Edge and Chrome browsers. HTTPS connections fail 95% of the time from iPhone (IOS 15.5) Edge and Safari browsers. The error from Edge is, "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". The error from Safari is, "Safari warns you when a website uses TLS 1.0 or TLS 1.1, which are not secure. This may allow an attacker to comprise your connection to steal your personal or financial information, including passwords, phone numbers, and credit cards. If you understand the risks involved, you can visit the site". UD Mobile v0.7.6 (IOS) remote connection fails 100% of the time with the following error, " 1. Error Domain=NSURLErrorDomain Code=-1200 “An SSL error has occurred and a secure connection to the server cannot be made.” UserInfo={NSErrorFailingURLStringKey=<redacted>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainkey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask<EAD9DDB1-D05E9F2619A1>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(“LocalDataTask<EAD9DDB1-C8B2-4F16-9E91-D05E9F2619A1>.<1>”), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=<redacted>, NSUnderlyingError=0x28222d0b0{Error Domain=kCFErrorDomainCFNetwork Code=-1200 “null” UserInfo={_kCFStreamPropertySSLClientstate=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9816, _NSURLErrorNWPathkey=satisfied (Path is satisfied), viable, interface: pdp_ip0[lte], ipv4, ipv6, dns, expensive}}, _kCFStreamErrorCodeKey=-9816}" UD Mobile v0.7.6 (IOS) local connections work 100% of the time. Any help or guidance would be much appreciated. Thank you Edited June 1, 2022 by Javi Redacted address
Javi Posted June 1, 2022 Posted June 1, 2022 Apple has been cracking down on unsecure connections, which explains failed connections on iPhone and not Windows. The links below details some of the CERT requirements for iOS: https://docs.digicert.com/manage-account/configure-private-ssl-certificate-products/ https://support.apple.com/en-us/HT211025 1
pkelley Posted June 3, 2022 Author Posted June 3, 2022 Thank you for the response. Looking through these links, I cannot see where the cert I have installed does not meet these requirements. The only thing that stands out is the signing algorithm for the cert is SHA-384, which is not listed in the ISY Network documentation. However, since this does work in Windows, perhaps this is not a factor... maybe. I am not well versed in SSL certificates, so I am sure I'm missing something. Perhaps there are other tests I can run that could provide more detail around the issue or issues.
Javi Posted June 8, 2022 Posted June 8, 2022 Hi @pkelley, The SSL errors shown in UD Mobile is the raw error thrown by iOS's security layer. If your router has a VPN server this may be the easiest self managed option for remote connections. Unfortunately we do not offer support for self managed SSL Certs as it creates too many support tickets. If you have not tried ISY Portal we offer a 30 day trial with a cost of about $1 a month after that time. ISY portal subscription cost is usually less than the cost of a single SSL cert. 3
Recommended Posts