[GH-ISSUE #901] iOS simulator SSL handshake failure on some subdomains #896

Closed
opened 2026-03-03 19:22:48 +03:00 by kerem · 22 comments

Originally created by @EricMentele on GitHub (May 28, 2021).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/901

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

Version 2.26.0 (22600) free version

macOS Version? (Ex. mac 10.14)

Big Sur 11.4

Steps to reproduce

Install Mac OS Cert and cert on open simulators with reboot
Cert is trusted
Login to app
Error bad request in app.
Proxyman SSL handshake failure 999 on one subdomain.

Expected behavior

All calls succeed and show payloads in json format

Screenshots (optional)

image


@EricMentele commented on GitHub (May 28, 2021):

Happy to jump on a call with you if it will help.


@NghiaTranUIT commented on GitHub (May 28, 2021):

Hi, I'm not sure what caused the error on this particular domain 🤔

I tried to get this domain and it works on my end.

```bash
curl -v 'https://fhir-staging.medinformatix.cc' --proxy http://localhost:9090
```
Screen Shot 2021-05-28 at 12 31 21

@EricMentele Can you help me execute this command in your Terminal app (please make sure the Proxyman app is open) and see if you're able to see the HTTPS response? 👍


@EricMentele commented on GitHub (May 28, 2021):

image


@NghiaTranUIT commented on GitHub (May 28, 2021):

So it works from curl but doesn't work from your iOS Simulator.

From what I see in your first screenshot, you're able to see other HTTPS Requests from iOS Simulator, which means the certificate is installed and trusted properly.

Just wondering: Does this issue happen on your real iOS device, or does it happen only with the iOS Simulator?


@EricMentele commented on GitHub (May 28, 2021):

It doesn't work. That has an error. On the simulator two calls work and one gets an ssl handshake failure.


@EricMentele commented on GitHub (May 28, 2021):

It's strange because the macOS proxy seems to work. Tested it on Google.com and also the two calls from the app from the simulator. Haven't tried it on device because I need it to work on the simulator.


@EricMentele commented on GitHub (May 28, 2021):

I have Charles Proxy and it can't even install certs on the simulator anymore.


@NghiaTranUIT commented on GitHub (May 28, 2021):

Thanks for getting back. You can fix the Charles Proxy by following this answer: https://stackoverflow.com/a/67297897/3127477

and try to use Charles Proxy to see if you're able to reproduce the bug 🤔

I'm not sure why only this domain doesn't work. If it's a bug from Proxyman, I suppose you couldn't see any Request from your iOS Simulator.


@EricMentele commented on GitHub (May 28, 2021):

I tried the manual root cert; however, my admin account gets rejected. It would be great to get Proxyman working because I like it more.


@EricMentele commented on GitHub (May 28, 2021):

Strange... now I don't see any traffic from the simulator.


@EricMentele commented on GitHub (May 28, 2021):

Saw this in the earlier terminal output: * ALPN, server did not agree to a protocol


@EricMentele commented on GitHub (May 28, 2021):

Very strange. I rebooted Proxyman and now it only shows firebase and doesn't seem to log any other traffic even though ssl is active for the app.


@EricMentele commented on GitHub (May 28, 2021):

The app calls are all succeeding without being recorded. Thank you for trying to help. I understand if this is too weird of an issue to spend time on. Did not use to have it and think it may be related to an Xcode update.


@NghiaTranUIT commented on GitHub (May 28, 2021):

Sorry to hear that.

> Saw this in the earlier terminal output: * ALPN, server did not agree to a protocol

It's correct behavior because Proxyman doesn't support HTTP/2 yet, so ALPN would use HTTP/1.1 => cURL will print this warning.


Regarding the issue, I would like to suggest:

  1. Turn off all VPN apps (if any are open)
  2. Try again with iOS Simulator and iOS Devices
  3. If the bug remains, maybe we should try Charles Proxy, to see if you can reproduce it.

Meanwhile, I will investigate the bug


@EricMentele commented on GitHub (May 28, 2021):

I just tried Charles and it told me no devices are booted, when installing the cert... Used the command line version of the link you sent me. That is odd because I have a simulator open and running.


@EricMentele commented on GitHub (May 28, 2021):

I found the issue!

"Similar scenario with iOS14.
The SSL certificate is approved for a subdomain with a wild card (*.enabley.io). We noticed that when the prefix of the wildcard contains underscore (e.g. better_office.enabley.io), the certificate is not recognized. However when the prefix doesn't contain underscore (betteroffice.enabley.io), everything works perfectly.

Any clues?"

The failing domain on my simulator has an _

https://developer.apple.com/forums/thread/655074


@NghiaTranUIT commented on GitHub (May 28, 2021):

Thanks for the link @EricMentele 🌮

Looks like it's the issue from the Networking library from Apple (URLSession), which automatically rejected the HTTPS `https://fhir-staging.medinformatix.cc`, which doesn't match the certificate.

Screen Shot 2021-05-28 at 14 28 32

Therefore, we could not do anything to fix it.

You should raise this issue to your team, and update the domain in order to make it work 🌮


@NghiaTranUIT commented on GitHub (May 28, 2021):

Hmm, sorry, looks like the domain is already correct `https://fhir-staging.medinformatix.cc` (no underscore)


@EricMentele commented on GitHub (May 28, 2021):

The underscore is in the full path: getEncountersForPatientId URL https://fhir-staging.medinformatix.cc/v3/Encounter?patient=T500014&_include=*
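
Added example, not part of the original thread: certificate name matching looks only at the URL's host, so this Python check separates an underscore in a hostname label (the case in the quoted Apple forum post) from one in the path or query. The certificate name `*.medinformatix.cc` is an assumed value, since the thread does not show the real certificate; the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Letters-digits-hyphen (LDH) hostname label: no underscore, no hyphen at either edge.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def non_ldh_labels(host):
    """Return the labels of `host` that break the LDH hostname rule."""
    return [lab for lab in host.rstrip(".").split(".") if not LDH_LABEL.fullmatch(lab)]

def name_matches(pattern, host):
    """Label-wise comparison: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def diagnose(url, cert_names):
    """Report where an underscore sits and whether any certificate name covers the host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "host": host,
        "non_ldh_labels": non_ldh_labels(host),
        "underscore_in_path_or_query": "_" in parts.path or "_" in parts.query,
        "cert_name_matches": any(name_matches(n, host) for n in cert_names),
    }

if __name__ == "__main__":
    samples = [
        # Hostnames and wildcard taken from the Apple forum post quoted in the thread.
        ("https://better_office.enabley.io/", ["*.enabley.io"]),
        ("https://betteroffice.enabley.io/", ["*.enabley.io"]),
        # URL from the thread; the certificate name is an assumption (constructed).
        ("https://fhir-staging.medinformatix.cc/v3/Encounter?patient=T500014&_include=*",
         ["*.medinformatix.cc"]),
    ]
    for url, names in samples:
        print(diagnose(url, names))
```

A non-empty `non_ldh_labels` list is the condition the forum post describes; `underscore_in_path_or_query` alone does not affect which name is checked against the certificate.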


@EricMentele commented on GitHub (May 28, 2021):

I reached out to my team and asked them if we can replace underscores. Thank you for your help!


@EricMentele commented on GitHub (May 28, 2021):

Problem solved. I had a space in a request header string... 🤦‍♂️ @NghiaTranUIT


@NghiaTranUIT commented on GitHub (May 29, 2021):

Glad to know you finally fixed the bug 😄 🌮
