iOS 26: "TLS failed with error: -9808"

App & System Services Networking
mitsubish OP
Created 1d
Replies 2
Boosts 0
Views 72
Participants 2

Our app server is having some TLS related issue with the new iOS 26 (It works with iOS 18 and below).

When opening the domain url in iPhone Safari browser with iOS 26, it showing the error as below:

We followed the instructions from this link (https://support.apple.com/en-sg/122756), to run the following command: nscurl --tls-diagnostics https://test.example in Terminal app. It shows TLS failed with error: -9808

Could anyone please help explain what exactly the issue is with our server certificate, and how we should fix it? Thanks so much!

Replies  2
Boosts  0
Views  72
Participants  2
mitsubish OP
1d

Sorry I'm not a network expert, but ChatGPT helped analysed the certificate and reported it's "missing full chain" - The chain is "leaf + intermediate only", while it's supposed to be "leaf + intermediate + root".

While I have forward to our network team, is there any way to bypass from app as a temp fix? Thanks!

0
DTS Engineer OP
Apple
22h

Is this server available on the public Internet? If so, can you share the host name?

Oh, and just to be clear:

The chain is "leaf + intermediate only", while it's supposed to be "leaf + intermediate + root".

That is, as I’ve come to expect from LLMs, nonsense. The TLS specs are very clear that the server is not required to include the root. Specifically, RFC 8446 says:

Because certificate validation requires that trust anchors be distributed independently, a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates.

Earlier TLS RFCs had similar wording.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
iOS 26: "TLS failed with error: -9808"
First post date Last post date
 
 
Q