My sanity is being tested...
We are trying to troubleshoot an issue with the Okta Single-Sign-On app on iOS (13.+). It worked in August with Fiddler, and now does not. iOS update? Okta update? Who knows. Below are what I feel are relevant log entries from Fiddler.
Basically, when the Fiddler proxy is active you can't authenticate with the Okta iOS app ('Sign in failed!'). The Okta web portal works fine. The App store also doesn't work, if that helps.
I keep seeing references to Certificate Pinning. Not sure if that's what's happening or if there is any way around it.
15:00:15:1955 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:17:0550 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:17:0930 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:17:1220 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:17:1591 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:18:6217 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:18:7449 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.okta.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:18:7769 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:18:8480 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.okta.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:19:3274 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:19:3605 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:19:3885 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:19:4214 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:21:8030 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:21:8531 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:23:4728 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:23:5238 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:24:0954 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:24:1735 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:31:5667 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance