Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

iOS 13.5 - Disable TLSv1.3 in Proxy Options

Leo | Last updated: Mar 15, 2021 05:16PM UTC

I looked over the User Forum and haven't found any updated information regarding TLSv1.3 regarding proxying traffic on iOS 13.5+ while using Burp Prov2021.2.1. I can confirm that when proxying traffic running Chromev87.0.4280.77 on iOS 13.5, Chrome produces an "ERR_CONNECTION_CLOSED" error but there is no error in the Event Log within the Dashboard tab. The website I was attempting to proxy is facebook.com, dell.com, and i'm given a warning when going to apple.com. Looking at the Site Information in the mobile Chrome browser, I see "The identity of this website has not been verified. Server's certificate is invalid". Before all this, in the Burp Pro version mentioned above, I regenerated a new CA certificate, went to "http://burp" in my iPhone's Safari browser, downloaded and installed the PortSwigger profile, and enabled Full Trust for Root Certificates for the PortSwigger CA. I am only able to load the webpages if I go to Proxy->Options->Click on proxy listener->Edit->TLS Protocols->Use custom protocols->Uncheck TLSv1.3 Do you know why I have to do this? I can provide Burp diagnostics if it'll help. Thanks!

Michelle, PortSwigger Agent | Last updated: Mar 16, 2021 01:14PM UTC

Thanks for your message. TLS1.3 is still a little buggy in the JDK which we currently rely on. For almost all applications there’s no difference using TLS1.2 vs TLS1.3 in terms of application behaviour which is why we added the option to disable TLS1.3 in the proxy specifically for this scenario. I hope this helps to explain things, if you've got any further questions, please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.