We've got an https proxy that supports both http1.1 and http2 and we're experiencing the same or similar issue trying to proxy wkwebview with establishing mTLS to the proxy. 1 URLSession with the proxy works as expected. sec_protocol_options_set_challenge_block is invoked. No issues. Both http1.1 and http2 proxyconfigurations work as expected. 2 WKWebView behaves strangely: a. http1.1 using ProxyConfiguration(httpCONNECTProxy:tlsOptions:) leads to bad url error b. http2 using ProxyConfiguration.RelayHop(http2RelayEndpoint:tlsOptions:additionalHTTPHeaderFields:) leads to The server “*” requires a client certificate. sec_protocol_options_set_challenge_block is not invoked.

Any news on this bug? Having the same problem with http1.1/http2 proxy configurations.

Let alone sec_protocol_options_set_challenge_block, even sec_protocol_options_set_verify_block is not being called with wkwebview and proxyconfiguration. While both functions are called with urlsession proxyconfiguration.

Is it possible to use NERelayManager instead of ProxyConfiguration to proxy wkwebview for personal devices (non managed or supervised)?