I've taken a closer look at the way RTC SDK works with SSL/TLS Encryption Plugins, and ... I might have found a potential problem. If I am right, then there might also be a simple fix for that problem, which you could apply to your RTC SDK copy. All you need to do, is open the "rtcSocketSrvProv.pas" unit in the RTC SDK "Lib" folder, search for the "TRtcSocketServerProvider.CryptPluginError" implementation and comment out the line that sets "Lost:=True", after which the final method implementation should look something like this ...
function TRtcSocketServerProvider.CryptPluginError:boolean;
begin
Result:=True;
// Lost:=True; <- COMMENT THIS LINE OUT
InternalDisconnect;
// raise Exception.Create('Encryption error.');
end;
Let me know if that helps.
So ... why do I think that this little change might help?
I think that, for whatever reason, one of the events of the ST encryption plugins returns "cpsClosed" as a result, which signals RTC that the underlying TCP/IP connection should be closed. After that, RTC sets the "Lost" flag on that connection to TRUE, which prevents it from sending or receiving more data, assuming that the connection is no longer valid. But ... before the TCP/IP connection is closed by RTC, a call to BeforeDisconnectEx event will be made to the ST plugin, from where ST can prepare some data to be sent back to the Client, using the "s_out" parameter. And I think this might be exactly what ST is doing. It is probably preparing a packet for the Client, with a notification about a SSL/TLS connection closing, probably expecting this packet to go out to the Client, before the TCP/IP connection closes.
With the original implementation in RTC SDK (which has NOT changed between RTC SDK v7 and the latest version), the "Lost" flag was set to TRUE after an encryption plugin event returned with "cpsClosed", because of which any data that might have been prepared by the plugin in its "BeforeDisconnectEx" event, was NOT sent out before the Server closed its TCP/IP connection. As a result, the Client was left with a TCP/IP connection closed by the Server, without receiving a notification about the SSL/TLS stream closing. What happens next, depends on the Client implementation. My assumption is that Apple has recently made changes to their SSL/TLS layer, which keeps that connection open and waiting, while other implementations simply close it. And I think that this change by Apple, is now causing problems with all clients running on Apple devices that use their SSL/TLS implementation.
Best Regards,
Danijel Tkalcec