Burp community forum

[iOS 8] The client failed to negotiate an ssl connection to ......

Lawrence | Last updated: Aug 17, 2015 03:28PM UTC

Hi there, I got this error even when I followed this link https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html and installed the Burp CA certificate. There are no errors when I am browsing on safari on Burp proxy. However, when I tried using other mobile apps such as Facebook native app which requires ssl connection I got errors such as "The client failed to negotiate an SSL connection to www.facebook.com:443: Remote host closed connection during handshake." "The client failed to negotiate an SSL connection to itunes.apple.com:443: Remote host closed connection during handshake." Anyway to resolve this issue? Thanks :)

PortSwigger Agent | Last updated: Aug 18, 2015 09:32AM UTC

It's possible that the native apps are not using the CA certificate that you have installed on the device and which is being used by Safari. Some native apps use their own certificate trust store, and some implement certificate pinning to only trust specific server-side certificates. In this situation, breaking the SSL tunnel is non-trivial and may entail jailbreaking the device or using some other advanced tools.

Liam, PortSwigger Agent | Last updated: Oct 08, 2015 07:48AM UTC

Thanks Ronaldo. We've added a note to our Support Center page for Installing Burp's CA Certificate in an iOS Device. - https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html

Burp User | Last updated: Sep 15, 2017 03:18PM UTC

For iOS 10 now you have to go to general - About - Certificate Trust Settings and enable full trust for root certificates for PortSwigger CA

You need to Log in to post a reply. Or register here, for free.