Twitter Application on Iphone and Ipad not working through ProxySG

book

Article ID: 168640

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Error shows on application.

ERROR
an error occurred. Please try again later.
(TLS trust verification failed)

The browser-based version of twitter works.

Browsing around the ProxySG appliance, the Twitter App is working perfectly.
 

Cause

The cause for this issue has to do with certificate pining, which requires that the client and server communicate with each other directly. At the time this article was written, the Twitter app on iOS uses Certificate pinning, so SSL interception, (where the ProxySG appliance acts as a man in the middle) causes this communication to fail.

A PCAP shows that the client/server handshake fails when communicating with api.twitter.com.

Further info on the twitter dev site i.e. pinning for this app.

https://dev.twitter.com/overview/api/ssl

Resolution

Workaround

To work around this issue, either add the IP address for api.twitter.com to your static bypass list, (transparent deployments) or disable protocol detection for api.twitter.com (explicit deployments) so that app traffic is tunneled.