This is very likely an issue with negotiating particular EC ciphersuites. (Google prefers EC with TLS 1.2.)
We expect the fix will go into a post-10.8.3 update. (12581303)
As for Safari/CFNetwork, I believe they just retry with a lower TLS version.
On Mar 18 2013 08:49 PM, Nick Zitzmann wrote:
> I've found that, when I try to configure Secure Transport under OS X 10.8.3 to perform a handshake on the server "google.com" port 443 (note: there's no www there), SSLHandshake() returns error -50 (paramErr). More information:
> 1. I'm aware that it could return paramErr if the SSLContextRef is null, but it isn't. I already created the context using SSLCreateContext() and it's being passed correctly to SSLHandshake().
> 2. I'm also aware that it could return paramErr if the protocol versions were misconfigured, but that's not what's happening, either. I already set SSL 3.0 as the minimum protocol using SSLSetProtocolVersionMin(), and the maximum protocol (see below) using SSLSetProtocolVersionMax().
> 3. The read and write I/O functions are being called during the handshake and are not returning any errors.
> 4. This **only** happens when attempting to handshake using TLS 1.2. If I call SSLHandshake() after calling SSLSetProtocolVersionMax() with either TLS 1.1, TLS 1.0, or SSL 3.0, then it works as expected.
> 4. When I try to connect to "https://google.com/" in Safari, it works as expected. Clearly CFNetwork is doing something differently, but what? I thought Safari/CFNetwork used TLS 1.2 when it was available.
> What's going on here? What other things could cause SSLHandshake() to return paramErr? How do I handshake with this site using TLS 1.2?
> Nick Zitzmann
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden