umberto34 wrote:
• First of all, thanks for your reply. It is very helpful and, in my case, it mostly answered my question. In particular the link to TLS security - Apple Support.
To answer your questions:
I am developing a webApp on the M1 MacBook Pro on Sonoma 14.2. The IDE is VS Code and I am using Python3 v3.11 Flask framework plus some simple JavaScript to do async processing. The development and testing are done on this same local machine. I use Safari and Chrome to test the App. The remote DB is provided by ElephantSQL.
• The App uses Redis and Celery and it has been working fine for 2 months in the Dev Environment.
• However, when I began porting the App to the Production environment (AWS EC2 instance on Ubuntu 22.04) I started having problems connecting the celery tasks with the python endpoints.
• The errors included - net::ER_CONNECTION REFUSED , - Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. - x13\x03À,À+Ì©À0À/̨À" HTTPStatus.BAD_REQUEST - 127.0.0.1 - - [31/Oct/2023 06:55:53] code 400, message Bad request version
These sorts of cross-platform apps tend to be a project to debug, as you have a substantial pile of third-party dependencies and tooling involved here. In general, you're probably going to be better served by forums and by folks familiar with and that can assist with troubleshooting the client code, and ~none of it is the Apple TLS-related tooling and the OpenSSL / LibreSSL libtls / App Transport Security / CFNetworks related bits that I'm more familiar with, and that tends to get discussed (occasionally) around here.
If you're actually getting TLSv1.0 here—and that's unclear—then it was something requested by either the client code or by the server. macOS and the Apple tooling fully support TLSv1.3.
When I tried to do a curl to the URL rejecting the connection I got the typical SSL error message pointing to TLSv1: "error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version"
• However, I now know what the problem was. It had to do with how AWS uses the Load Balancer. Since I use https for all exchanges, I was configuring the JS Fetch call to use it. But the LB changes the HTTPS to HTTP when it passes it to my App. Since the App was expecting https packets, it didn't like it. I fixed that and the problem went away.
The load balancer stripped off the TLS, you mean. Yeah, that's somewhere between expected and bad, depending on the particular server environment.
But, good, you got it working.
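
Added example, not part of the original thread: the garbled characters in the "code 400, message Bad request version" log line quoted above can be decoded back into bytes to confirm that a TLS ClientHello reached a port that speaks plain HTTP. It assumes the server logged the raw request bytes as ISO-8859-1 text with control characters shown as `\xNN`; the sample fragments and function names are constructed for illustration.

```python
import re

# IANA cipher-suite code points commonly offered by current browsers and curl.
SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}

# Constructed samples: start of a ClientHello record, and a cipher-suite run
# written the way it shows up in an access log.
SAMPLE_HEAD = r"\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03"
SAMPLE_TAIL = r"\x13\x03À,À+Ì©À0À/Ì¨"

def unescape_log_fragment(fragment: str) -> bytes:
    """Turn '\\xNN' escapes back into characters, then map each char to one byte."""
    text = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), fragment)
    return text.encode("latin-1", errors="ignore")

def is_tls_handshake(first_bytes: bytes) -> bool:
    """TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04."""
    return (len(first_bytes) >= 3 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04)

def find_cipher_suites(data: bytes) -> list[str]:
    """Return the longest run of back-to-back known 2-byte cipher-suite IDs."""
    best: list[str] = []
    for start in range(len(data) - 1):
        run, pos = [], start
        while pos + 1 < len(data) and int.from_bytes(data[pos:pos + 2], "big") in SUITES:
            run.append(SUITES[int.from_bytes(data[pos:pos + 2], "big")])
            pos += 2
        if len(run) > len(best):
            best = run
    return best

def diagnose(fragment: str) -> str:
    """Classify a logged request line: TLS sent to a plaintext port, or not."""
    data = unescape_log_fragment(fragment)
    if is_tls_handshake(data) or len(find_cipher_suites(data)) >= 3:
        return "tls-on-plaintext-port"
    return "not-tls"

if __name__ == "__main__":
    print(diagnose(SAMPLE_TAIL), find_cipher_suites(unescape_log_fragment(SAMPLE_TAIL)))
```

A "tls-on-plaintext-port" result means the client used `https://` against a listener that expects `http://`, which is the mismatch left behind when a load balancer terminates TLS in front of the app.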