4 Replies Latest reply: Jun 5, 2013 4:34 PM by sokratisg
3g91ld3a Level 1 Level 1 (0 points)

Dear Apple Team,

 

I respectfully request that you repair the "native" VPN client built into OS X 10.8, and iOS 6. The problem is, the VPN client is mangling the certificate payload for certificates larger than 1024 bits. This is a fragmentation problem; when the client hits the standard ~1500 MTU of most network devices, it fragments the certificate. Fragmenting it is fine, but the client is not handling it correctly. The effect is that users with 2048-bit certs or higher cannot get on the VPN. The VPN server observes a faulty certificate or faulty payload. I have spoken with Enterprise support, who were most professional, and excellent, however, they indicated there was no support for the native client. Yet, since this *used* to work in iOS5 and below, as well as 10.7 and earlier, clearly something has broken in 10.8 and iOS6.

 

We all love using our iPads, iPhones, and OS X  devices in business. Please keep it that way and restore this lost functionality; any security-conscious organization that requires certificates for VPN will also require 2048-bit certificates (or more).

 

You can see more detail here: https://discussions.apple.com/thread/4158642?start=0&tstart=0

 

Thank you very much.


MacBook Air, OS X Mountain Lion (10.8.2)