Why some iphone apps won't finish ssl handshake with Charles Proxy?

Grant Brown picture Grant Brown · Jul 26, 2015 · Viewed 24.4k times · Source

I am using Charles Proxy to see all of the traffic that is coming out of my iphone. I have the ssl certificate/profile installed on my iphone and I can see a lot of the traffic that is ssl encrypted. However, some applications seem to not finish the ssl handshake.

The error is: "SSLHandshake: Remote host closed connection during handshake" and then Charles Proxy suggests to configure the application to trust the Charles Root Certificate. I thought I did when I installed the profile onto my iphone?

Any explanation of this/way to fix it?

Answer

Neil Sarkar picture Neil Sarkar · Jul 19, 2017

Yes, SSL pinning is a possibility. Although as of iOS 10.3, you must take an additional step to trust the Charles Root Certificate that is not currently documented on their website edit: this info is now under iOS Devices here: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

Settings > General > About > Certificate Trust Testings

Source: https://www.neglectedpotential.com/2017/04/trusting-custom-root-certificates-on-ios-10-3/