FB9895426 (Apple Device MDM enrolment fails if client certificate is requested during SSL Handshake)
Device enrolment fails in an MDM Server configured with client certificate authentication.
Upon investigating the issue, we noticed that the device drops the SSL handshake if a client certificate is requested during the handshake.
Wireshark Screenshot:
From the console logs, we noticed the below error:
<MCHTTPRequestor: 0x283b560a0> cannot accept the authentication method NSURLAuthenticationMethodClientCertificate
The TLS protocol states that "If no suitable certificate is available, the client SHOULD send a certificate message containing no certificates." Thus, we expect the MDM client to respond with a "no certificate" response during the SSL handshake.
Someone has already raised the same question but there's no reply yet:
https://developer.apple.com/forums/thread/680328
https://developer.apple.com/forums/thread/676579
Any help would be appreciated. Thanks in advance.
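An added example, not part of the original post: a small checker that tells apart the two client behaviours discussed above (an empty Certificate message versus no reply to the server's CertificateRequest). It assumes TLS 1.2 handshake messages already reassembled from a capture and copied out as bytes; the sample bytes and all function names are constructed for illustration.

```python
# TLS 1.2 handshake message types (RFC 5246, section 7.4)
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13

def handshake_messages(flight: bytes):
    """Yield (msg_type, body) for each handshake message in a reassembled flight."""
    pos = 0
    while pos < len(flight):
        if len(flight) - pos < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(flight[pos + 1:pos + 4], "big")
        body = flight[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        yield flight[pos], body
        pos += 4 + length

def certificate_count(body: bytes) -> int:
    """Count entries in a TLS 1.2 Certificate body (3-byte list length, 3-byte-prefixed certs)."""
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("bad certificate_list length")
    count, pos = 0, 3
    while pos < len(body):
        cert_len = int.from_bytes(body[pos:pos + 3], "big")
        if len(body) - pos < 3 or pos + 3 + cert_len > len(body):
            raise ValueError("truncated certificate entry")
        pos += 3 + cert_len
        count += 1
    return count

def classify_client_reply(server_flight: bytes, client_flight: bytes) -> str:
    """Say how the client answered a CertificateRequest, if the server sent one."""
    if not any(t == CERTIFICATE_REQUEST for t, _ in handshake_messages(server_flight)):
        return "not-requested"
    for msg_type, body in handshake_messages(client_flight):
        if msg_type == CERTIFICATE:
            return "empty-certificate" if certificate_count(body) == 0 else "certificate-sent"
    return "no-reply-to-request"  # client stopped before sending Certificate

# Constructed sample bytes (not taken from the poster's capture).
# Server: CertificateRequest (rsa_sign, one signature algorithm, no CA names) + ServerHelloDone.
SERVER_FLIGHT = bytes.fromhex("0d000008 0101 00020401 0000 0e000000")
# Client following the quoted rule: Certificate with an empty list, then a stub ClientKeyExchange.
CLIENT_EMPTY = bytes.fromhex("0b000003 000000 10000002 0000")
# Client that drops the handshake after the request: no handshake messages at all.
CLIENT_DROPPED = b""

if __name__ == "__main__":
    print(classify_client_reply(SERVER_FLIGHT, CLIENT_EMPTY))
    print(classify_client_reply(SERVER_FLIGHT, CLIENT_DROPPED))
```

In TLS 1.3 the client's Certificate message is encrypted and has a different layout, so this check applies only to TLS 1.2 captures or to decrypted traffic parsed with the matching format.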