we use … CFStreamCreatePairWithSocketToHost API
Hmmm, that’s not great. That API yields a CFSocketStream, and that’s been deprecated for a while now. It should still work, but you certainly won’t get all the latest TLS features.
I recommend that you plan on replacing this with NWConnection at some point in the future.
Having said that, this isn’t the cause of your main problem. You wrote:
50% of time it works
My experience is that our platforms are very ‘stable’ when it comes to TLS. That is, for any given server a TLS connection will work or it won’t. Intermittent problems like this are usually caused by issues on the server side. For example, I commonly see this when there’s a bunch of servers fronted by a redirector, and one of the servers is misconfigured.
Regardless, the path forward is clear: Use an RVI packet trace to see what’s happening on the ‘wire’. If, as I expect, you find that iOS behaves the same in both the failing and working cases, you can use that as evidence in your discussions with the folks who run the server.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
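
One way to carry out the trace comparison suggested in the reply above, as an added example that is not part of the original post: it fingerprints the ClientHello from a working and a failing attempt and classifies the server's first record in each. It assumes the first TLS record in each direction has already been extracted from the packet trace; all function names are hypothetical and the sample records are constructed.

```python
import struct

def build_client_hello(suites, sni, random_bytes):
    """Constructed sample data: a minimal ClientHello record with one SNI extension."""
    name = sni.encode()
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni_data)) + sni_data
    body = (b"\x03\x03" + random_bytes + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def client_hello_fingerprint(record):
    """Fields of a ClientHello that should be identical on every attempt."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    version, pos = record[9:11].hex(), 9 + 2 + 32   # skip headers, version, random
    pos += 1 + record[pos]                          # session id
    n = int.from_bytes(record[pos:pos + 2], "big")
    suites = tuple(struct.unpack(f"!{n // 2}H", record[pos + 2:pos + 2 + n]))
    pos += 2 + n
    pos += 1 + record[pos]                          # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos, ext_types, sni = pos + 2, [], None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        ext_types.append(etype)
        if etype == 0:                              # server_name: skip 5 length/type bytes
            sni = record[pos + 9:pos + 4 + elen].decode()
        pos += 4 + elen
    return version, suites, tuple(ext_types), sni

def server_response(record):
    """Classify the server's first TLS record: ServerHello, alert, or other."""
    if record[0] == 0x15:
        return ("alert", record[5], record[6])      # (level, description)
    if record[0] == 0x16 and record[5] == 0x02:
        return ("server_hello",)
    return ("other", record[0])

def compare_attempts(working, failing):
    """Each argument is (first client record, first server record) from the trace."""
    same = client_hello_fingerprint(working[0]) == client_hello_fingerprint(failing[0])
    return {"client_identical": same,
            "working_server": server_response(working[1]),
            "failing_server": server_response(failing[1])}

# Constructed sample records standing in for bytes taken from two traces.
SUITES = [0x1301, 0xC02F]
WORKING = (build_client_hello(SUITES, "example.com", b"\x11" * 32), b"\x16\x03\x03\x00\x04\x02\x00\x00\x00")
FAILING = (build_client_hello(SUITES, "example.com", b"\x22" * 32), b"\x15\x03\x03\x00\x02\x02\x28")
```

A result with `client_identical` true and a different server response in the failing case is the kind of evidence the reply suggests bringing to the server operators.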