iOS11 + EAS + native email client: iOS11.1 will solve it

iOS11.0 didn´t work with Outlook.com, Exchange 2016 and O365 (our article). 11.0.1 seemed to fix this issue (Apple Support), but not for all environments.

The main problem seems to be the handling of SSL/TLS version handling of iOS11 + SHA-1 certificates + CBA (Cert Based Authentication).
Since iOS10.3, SHA-1 certificates are not supported anymore except they were pushed via an EMM system (Apple Support).

Solution:

Wait for iOS11.1 (last posts), first beta version is available.

Workaround:

  • All certificates with SHA-2
  • Deactivate SSL3 or Activate TLS1.x
  • Optional: Change the hashfunction for SCEP

Source