SSL Issues on Mac OS 15.2 when IRIS is running within a Docker container

Hi,

I recently had a company-enforced OS upgrade, and ever since going from mac OS 14.x to 15.x, I am currently having issues with SSL in IRIS.

An ARM (M3 pro) machine running OS 15.2, with the latest Docker Desktop (at the time of writing, 4.37.0). The Docker container runs IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.2 (Build 574_0_22161U). This container has not changed.

When attempting to run some local API tests of our software, I am hosting a Wiremock (https://github.com/wiremock/wiremock) server locally on the mac, in order to mock HTTP requests/responses. The IRIS server communicates with this wiremock server via `host.docker.internal` as a hostname, to talk from the container to the host machine. This was working before the OS upgrade without issue.

Ever since the OS upgrade, there seems to be some issue with SSL and I am unsure where the fault lies, hence asking for any advice or opinions here.

The basic structure of the tests which fail involve creating a simple http request, which will be pointed towards `host.docker.internal` and appropriate ports. Each individual test will add specific Wiremock mappings to the request, but as these all worked fine before the OS upgrade I don't think code for this needs to be included.

Method createHttpRequest() As %Net.HttpRequest [ Private ]
{
    set req = ##class(%Net.HttpRequest).%New()
    set req.Server = ..Host
    set req.Port = ..Port
    return req
}

Method IsHealthy() As %Boolean
{
    #dim req as %Net.HttpRequest = ..createHttpRequest()
    $$$ThrowOnError(req.Get("/__admin/health"))
    if ((req.HttpResponse.StatusCode = 200) && ($isobject(req.HttpResponse.Data)) && (req.HttpResponse.Data.Size > 0) ) {
        #dim json as %DynamicObject = {}.%FromJSON(req.HttpResponse.Data.Read())
        return (json.status = "healthy")
    }
    return 0
}

As mentioned, this all functioned without issue and contains nothing specific to our company. However now since the OS upgrade, IRIS errors out when running such tests with this message:

"ERROR <Ens>ErrGeneral: (RootCause "ERROR #6085: Unable to write to socket with SSL/TLS configuration 'ISC.FeatureTracker.SSL.Config', error reported 'SSL/TLS configuration 'ISC.FeatureTracker.SSL.Config' is not activated.'"

Looking at the management portal, this configuration is indeed enabled.

I have read online that other users have experienced SSL issues with various software since upgrading OS, so I am wondering if this is an IRIS issue, a Docker issue, or something else? I found a few discussions that seem to blame Microsoft Defender as the source of SSL issues. Our company does have Microsoft Defender enabled as policy, so I cannot disable this.

Has anyone else experienced similar? Is this an IRIS issue, or does the blame lie elsewhere (docker, microsoft defender, other)?

In the meantime, I am running Wiremock within the docker container and IRIS can communicate with that instance without issue. But, as every other team member has code pointing to `host.docker.internal`, it would be good to not require to patch our codebase only on my development machine.

I'm aware IRIS has not been yet released for mac os 15.x, but as the actual IRIS software is running within a unix docker container in my development environment, I figured I could ask for any insights here. Thanks in advance.