iOS app suddenly can't connect via HTTPS after IPv6 change

Question

and thanks in advance.

Everything was working great in my app, which is essentially complete. App was complete and custom VPS server was set up as backend. Then, reading the Apple Submission guidelines, I ensured that my server was IPv6 compatible.

Now suddenly I cannot connect to my server over HTTPS. It connects fine over HTTP still (if I go back and change the urls). Further, I was able to connect over HTTPS before the IPv6 change.

Now I get this error in the Xcode console:

---NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)---

I've been reading other posts about workarounds, but I want to keep my app legit. It was working over HTTPS earlier, and I don't see why the IPv6 change would cause this. I know I can amend the app transport security key, but I want this ready for production, and I don't want a rejection from Apple.

It is not a self-signed certificate, and everything was fully functional before hand.

I contacted my server company, and their not sure what is the problem.

I'm using NSURLSession, and a typical connection looks like this (I have not implemented any NSURLSession delegate methods or customizations in anyway besides what you see below).

//VALUES TO BE POSTED
NSMutableString *post = [NSMutableString stringWithFormat:@"u=%@&p=%@", username, password];


//PERCENT ESCAPE THE URL
[post setString:[post stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];


//CONVERT POST VALUES TO DATA
NSData *postData = [post dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];


//RETRIEVE LENGTH OF DATA FOR PURPOSES OF POST HEADER
NSString *postLength = [NSString stringWithFormat:@"%d", (int)[postData length]];


//BUILD THE URL REQUEST
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setURL:[NSURL URLWithString:@"https://www.example.com/"]];
[request setHTTPMethod:@"POST"];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setHTTPBody:postData];



//CREATE SESSION FOR SERVER CONTACT
NSURLSessionDataTask *sessionTask = [[NSURLSession sharedSession] dataTaskWithRequest:request
            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {


 AND SO ON....

Answer 1

Judging by the error code, I'm pretty sure your server is configured incorrectly in IPv6 mode and isn't serving the complete certificate chain (missing or incorrect intermediate certs). I can't confirm that, of course, without knowing the server's name, but you can check it with:

openssl s_client -connect host:443

and see what it says. Of course, if it tries to connect by IPv4... you might have to use the IPv6 address instead of a hostname. I've never tried s_client with IPv6, so YMMV. :-)