I'm trying to connect to an Exchange Web Services server which used to work from CFNetwork prior to October 7, but doesn't any more. I don't see any packages that were installed around this time so I'm guessing it was a server change.
I think this is proxied somehow (I don't run the server or have access to it) as some URLs work on this server but some don't. You don't even get prompted for authentication. The server is email dot fahc dot org. You should be able to get an OWA login page, but trying to access an EWS URL (e.g. /ews/Services.wsdl) doesn't work. I have no problems logging into it from Firefox or Chrome, but Safari, Mail, my own apps, etc. are broken.
This is broken on OS X 10.11 and macOS 10.12; OS X 10.10 is fine.
Here's what I get when testing with nscurl with CFNetwork diagnostics enabled. I see it trying to fall back from TLS 1.2 to 1.1 to 1.0, which works elsewhere, but I don't see any more specific errors than 89 (ECANCELED), which is somewhat less than helpful.
Oct 26 14:31:56 nscurl[15026] <Notice>: CFNetwork Diagnostics [3:37] 14:31:56.438 {
Did Fail
Loader: <CFURLRequest 0x7ffbc0502ed0 [0x7fff7552c440]> {url = https://[...]/ews/Services.wsdl, cs = 0x0}
Error: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled" UserInfo={NSErrorPeerAddressKey=<CFData 0x7ffbc063a550 [0x7fff7552c440]>{length = 16, capacity = 16, bytes = 0x100201bb0a801e2e0000000000000000}, _kCFStreamErrorCodeKey=89, _kCFStreamErrorDomainKey=1}
init to origin load: 0.00233305s
total time: 0.205145s
total bytes: 0
} [3:37]
Any ideas how I can dig into this further, or should I just file a bug?
Thanks.
This appears to be related to VMware NAT. After switching my VM to bridged networking, this issue disappeared (on both the 10.11 host and 10.12 guest). Thanks to @mikeymikey on Twitter for the suggestion.