Twitter Application on Iphone and Ipad not working through ProxySG

Article Id: 168640

Status: Published

Updated On: 13-05-2017 11:53

Legacy Id: TECH245308

Products:

ProxySG Software - SGOS

Issue/Introduction:

Error shows on application.

ERROR
an error occurred. Please try again later.
(TLS trust verification failed)

The browser-based version of twitter works.

Browsing around the ProxySG appliance, the Twitter App is working perfectly.

Cause:

The cause for this issue has to do with certificate pining, which requires that the client and server communicate with each other directly. At the time this article was written, the Twitter app on iOS uses Certificate pinning, so SSL interception, (where the ProxySG appliance acts as a man in the middle) causes this communication to fail.

A PCAP shows that the client/server handshake fails when communicating with api.twitter.com.

Further info on the twitter dev site i.e. pinning for this app.

https://dev.twitter.com/overview/api/ssl

Resolution:

Workaround

To work around this issue, either add the IP address for api.twitter.com to your static bypass list, (transparent deployments) or disable protocol detection for api.twitter.com (explicit deployments) so that app traffic is tunneled.