iOS13 public beta7 have problem with Charles certificate and unable to SSL proxying

9
votes

Everything is fine when my iPhone 7 is still iOS 12. After it upgrade to iOS13 public beta7, I found that my iPhone can not do SSL proxying with Charles 3.x version.

Charles says:

SSLHandshake: Remote host closed connection during handshake

You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.

enter image description here

3
charles-proxyios13
I have to ask, because you don't clarify in your question: did you trust the Charles Root Certificate? charlesproxy.com/documentation/using-charles/ssl-certificatesLluís Suñol
Of cause I do trust certificate and iPhone could do SSL proxying when it's runing iOS12Yan Li
Could be related to new SSL requirements in iOS 13: support.apple.com/en-us/HT210176 (After all, this sort of middle-manning is exactly what such technology is intended to prevent!)Lightness Races in Orbit
There is no "3.x version". What actual version are you running? 4 came out three years ago - did you try upgrading? Did you try asking the developer?Lightness Races in Orbit

3 Answers

5
votes

Follow the steps given by the Charles. Steps from Charles After granting trust to the Charles certificate, need to do 1 more step, to enable full trust: https://support.apple.com/en-nz/HT204477

Instruction from Apple

4
votes

Far as I know, Apple has released new security requirements for TLS server certificates in iOS 13 and macOS 10.15. Thus, your Charles CA Root Certificate might be out-of-date. I think you could try to delete that certificate and re-install and trust Charles CA with the newest version of Charles to see if it works (Hope that Charles has updated and fixed this bug). I had switched from Charles to Proxyman and they also had a release to fix this bug: https://github.com/ProxymanApp/Proxyman/releases/tag/1.4.4.1

0
votes

The same issue on iOS 14.3. My solution was reinstalling the certificate. This requires regenerating Root certificate in Charles, which would prompt to install a new one when visiting chls.pro/ssl Recently I reset the device to factory settings, and maybe this caused this error to appear.