Open Radar

 
Update: Apple replied to my report, indicating that it is a duplicate of 20219161, which is still open as of this Mar 20, 2015.

== original report ==

Summary:
After installing Security Update 2015-002, AppleScripts that use the eppc:// protocol to connect to other computers fail. The AppleScript itself returns error -600 (Application not running). Console logs it as osascript: CFNetwork SSLHandshake failed (-4)

Steps to Reproduce (on a single machine):
1) Make sure "Remote Apple Events" is enabled
2) Open AppleScript Editor (or any osascript environment)
3) Enter this one line AppleScript:
  tell application "Finder" of machine "eppc://127.0.0.1" to activate
4) Attempt to compile the script
5) Enter your authentication details in the dialog that appears

Expected Results:
1) The script should compile.
2) Running the script should activate the Finder.

Actual Results:
Security Update 2015-002 installed:
  AppleScript error -600 "Application not running"
  Console log: CFNetwork SSLHandshake failed (-4)

Security Update 2015-002 NOT installed: Finder activates (i.e: no error)

Version:
Tested with OS X 10.8.5, 10.9.5, 10.10.2: all three work correctly prior to Security Update 2015-002 installation, and all exhibit the same failure after Security Update 2015-002 is installed.

Notes:
The Security Update 2015-002 release notes state that the FREAK exploit was addressed by removing support for ephemeral RSA keys. Apparently these are still needed by the eppc protocol.

Configuration:
The bug does not occur on machines where Security Update 2015-002 has not yet been installed. The bug manifests immediately after reboot when Security Update 2015-002 is installed.