If you stumble into this post, chances are you have scoured the internet for solutions to this issue. The few mentions of it out there are answered with completely worthless "turn it off an on again" answers.
Well after spending a few evenings picking apart this issue I finally was able to add an Outlook account using the settings app on my iPad 4 running iOS 10.3.4.
TL:DR
- Install version .12 of
ssl-kill-switch2
from their repo - Add your account :)
- Remove ssl-kill-switch2
Background
Without the above steps, if you try to add an Outlook.com account to your device within the settings app, you would only see a blank WebView splash for half a second, and then it closes. This leaves you with a null
account that doesn't work. As you can see, there's not much to go on, and the internet won't be of any help as stated.
Up until a few days ago a workaround was to add your Outlook account under the Microsoft Exchange option (using an app password). However this began failing recently. Currently this approach will yield intermittent "Incorrect Password" popups (even on current iOS versions). I suspect a recent change from Microsoft broke this workaround.
Unfortunately, iOS 10 forces you to use OAuth flow to add Outlook accounts. On earlier versions, there's no issue as you can simply provide an app password to the iOS login form and be on your way.
With these conditions, the only other way to add an Outlook Account is as a manually configured IMAP email. This will provide mail, but does not include Contacts or Calendar sync. It also doesn't support Push syncing.
Investigating the issue
Without much to go on with, I suspected Microsoft was rejecting the request (as the Google & Yahoo options did not immediately close). Therefore I started sniffing HTTPS requests from iOS through mitmproxy
. This revealed that iOS first makes a CONNECT request to newaccountredirectdomain.apple.com
when you try adding an Outlook account. This is the only request I saw, so my iPad was not even reaching Microsoft at all before kicking me out of the authentication flow. Other account options (Gmail, Yahoo) make a call to gil.apple.com
and do continue afterwards with requests to google or yahoo.
I started reading up on similar issues, and they all pointed to certificate pinning being the culprit. This eventually led me to installing ssl-kill-switch2
. It appears the Settings app implements some certificate pinning. Basically the settings App has defined certificates it expects the remote servers to present, any other certificate means the connection will be dropped.
I was then led to a bunch of time waste and headaches, because the latest version of ssl-kill-switch does not properly work on iOS 10, and there's no mention of this anywhere. Ssl-kill-switch2 has hardly been properly maintained, and through some open issues I started to suspect the latest version didn't actually work (on iOS 10 at least).
Therefore I installed v.12, did a respring, and tried adding an Outlook account. I could see that the WebView started and finally presented the Microsoft login web form. It accepted my credentials and a few seconds later I had my account added.
That's about it, hopefully someone with the same issue stumbles upon this post, and saves all the time I spent on this lmao.