
OSX 10.8/10.9 repair of 2048-bit certificates-based for L2TP over IPsec VPN

1426 Views 4 Replies Latest reply: Jun 5, 2013 4:34 PM by sokratisg
3g91ld3a Level 1 (0 points)
Feb 2, 2013 3:26 PM

Dear Apple Team,


I respectfully request that you repair the "native" VPN client built into OS X 10.8 and iOS 6. The problem is, the VPN client is mangling the certificate payload for certificates larger than 1024 bits. This is a fragmentation problem; when the client hits the standard ~1500 MTU of most network devices, it fragments the certificate. Fragmenting it is fine, but the client is not handling it correctly. The effect is that users with 2048-bit certs or higher cannot get on the VPN. The VPN server observes a faulty certificate or faulty payload. I have spoken with Enterprise support, who were most professional and excellent; however, they indicated there was no support for the native client. Yet, since this *used* to work in iOS 5 and below, as well as 10.7 and earlier, clearly something has broken in 10.8 and iOS 6.


We all love using our iPads, iPhones, and OS X devices in business. Please keep it that way and restore this lost functionality; any security-conscious organization that requires certificates for VPN will also require 2048-bit certificates (or more).


You can see more detail here:


Thank you very much.

MacBook Air, OS X Mountain Lion (10.8.2)

