NTLM HTTP/HTTPS Proxy Authentication broken

Originator:calum.h
Number:rdar://29153855 Date Originated:08-Nov-2016 05:34 PM
Status:Open Resolved:
Product:iOS Product Version:14C5069c
Classification:Serious Bug Reproducible:Always
 
Summary:
Attempting to authenticate to a http/https proxy server using NTLM (SPNEGO) results in a complete failure to load web pages
Authenticating to the same web proxy array using basic authentication is no problem and works as expected
Our proxy servers are bluecoat appliances authenticating to Active Directory

Steps to Reproduce:
1. Restore iPad with iOS 10.2b2 (14C5069c)
2. Fill out setup assistant and connect to wifi network
3. Configure proxy server address for wifi network - in this case 'Auto' PAC URL is distributed via DHCP (Pac file attached)
4. Open Safari
5. Receive prompt to enter proxy authentication details
6. Enter in account credentials to authenticate to proxy server
7. Open safari, attempt to load a http or https website. 
8. Note that no web pages load.

Expected Results:
After entering account credentials to authenticate against the proxy server http and https web pages should load immediately in safari.

Actual Results:
Web pages do not load and instead the requests time out and safari presents a unable to connect to server message

Regression:
Problem does _not_ occur in the production release of iOS 10.1.1 14B100

Notes:
Attached packet capture obtained from wireshark on an iMac with iPad connected via USB and using the RVI interface to capture all packets from the iPad from a clean restore.
Attached proxy.pac file which contains our PAC file 
Attached dhcp packet.txt showing dhcp packet information for the iMac, this will be very similar to the dhcp packet received on the iPad

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!