[Privoxy-users] Weird TLS problem with Apple watch

Rainer Sokoll rainer+lists.privoxy.org at sokoll.com
Mon Feb 17 15:22:17 UTC 2020


Hi,

If my iPhone uses Privoxy as network proxy, the Apple Watch cannot connect to the Internet (Siri fails).
Once my iPhone connects directly to the Internet, Siri on the watch has no problems.
Note that on the iPhone itself, everything including Siri works fine, with or without Privoxy.

I think this packet is the problem:

----8<----
No.     Time           Source                Destination           Protocol Length Info
     64 3.098025       192.168.1.91          192.168.1.66          TLSv1.2  143    Application Data, Encrypted Alert

Frame 64: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits)
Ethernet II, Src: Wibrain_34:02:2b (00:1e:06:34:02:2b), Dst: Apple_17:13:32 (d0:d2:b0:17:13:32)
Internet Protocol Version 4, Src: 192.168.1.91, Dst: 192.168.1.66
Transmission Control Protocol, Src Port: 8118, Dst Port: 57881, Seq: 1, Ack: 1, Len: 77
    Source Port: 8118
    Destination Port: 57881
    [Stream index: 8]
    [TCP Segment Len: 77]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 78    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x018 (PSH, ACK)
    Window size value: 1761
    [Calculated window size: 1761]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x8461 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [SEQ/ACK analysis]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
    TCP payload (77 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: Application Data
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 41
        Encrypted Application Data: 0000000000000076922168004e5187f9111c81720d87eb49…
    TLSv1.2 Record Layer: Encrypted Alert
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 26
        Alert Message: Encrypted Alert
----8<----

Note: Encrypted Alert (Type 21)
According to RFC 5246 (https://tools.ietf.org/html/rfc5246#page-28) there was a decryption error.

To be honest, I am not sure…

Any comment is appreciated.

Rainer
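
Added example, not part of the original post: a small Python parser that splits a TCP payload like the 77-byte one in frame 64 into its TLS records and reports what each record reveals without session keys. The sample payload is constructed with the dump's record types and lengths (41 and 26) and zero filler; the function names are this example's own.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def split_tls_records(payload: bytes):
    """Split one TCP payload into (content_type, version, body) TLS records."""
    records, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, version, length = struct.unpack_from("!BHH", payload, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        body = payload[offset + 5:offset + 5 + length]
        if len(body) < length:
            raise ValueError("record continues in a later TCP segment")
        records.append((ctype, version, body))
        offset += 5 + length
    return records

def describe(record):
    """Report what a capture shows for one record without session keys."""
    ctype, version, body = record
    label = f"{CONTENT_TYPES[ctype]} (version 0x{version:04x}, {len(body)} bytes)"
    if ctype != 21:
        return label
    if len(body) == 2:
        # A plaintext alert is exactly two bytes: AlertLevel, AlertDescription.
        return f"{label}: level={body[0]} description={body[1]}"
    # Longer body: encrypted under the negotiated cipher. The content type
    # only says "alert"; level and description are inside the ciphertext.
    return f"{label}: encrypted, level/description not readable"

# Constructed sample: same record types and lengths as frame 64 (41 and 26),
# with zero filler instead of the captured ciphertext.
SAMPLE = (struct.pack("!BHH", 23, 0x0303, 41) + bytes(41)
          + struct.pack("!BHH", 21, 0x0303, 26) + bytes(26))

if __name__ == "__main__":
    print(len(SAMPLE), "byte payload")
    for rec in split_tls_records(SAMPLE):
        print(describe(rec))
```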

