Visit https://sandbox.itunes.apple.com/verifyReceipt failed

Hi

When we add IAP for our app a few years ago, we setup our server to visit https://sandbox.itunes.apple.com/verifyReceipt, to verify our customer's receipt after the purchase the IAP. Everything goes well for the past few years.

But since March 22, 2024, our server cannot visit the URL above any more, and the returned failure is "SSLException: Received fatal alert: protocol_version"(from JAVA). From this we guess that Apple have made some changes about the SSL/TLS protocol requirement of your server api.

Could you guys tell us which SSL/TLS is required to visit this URL? We need these information to make a plan of our server code upgrade or something like that, and continue the receipt verification.

Thank you. Hope to hear from you soon.

Up vote post of neuswcjr Down vote post of neuswcjr
265 views
Posted by
neuswcjr
Reply
Add a Comment

Replies

Hello, I have the same problem, and I resolve this issue by upgrading the TLS protocol version of your .Net service to 1.2.

Posted by
wuhaowinner
Post not yet marked as solved Up vote reply of wuhaowinner Down vote reply of wuhaowinner
Add a Comment

Below is the code snippet to fix the issue within my legacy JAVA (1.7) server, using raw HttpsURLConnection object


        SSLContext ssl = SSLContext.getInstance("TLSv1.2");
        ssl.init(null, null, new SecureRandom());
        sslSocketFactory = ssl.getSocketFactory();

        HttpsURLConnection con = (HttpsURLConnection) dataUrl.openConnection();
        con.setSSLSocketFactory(sslSocketFactory);
        con.setRequestMethod("POST");
        con.setRequestProperty("content-type", "text/json");
        con.setRequestProperty("Proxy-Connection", "Keep-Alive");
Posted by
Meegan
Up vote reply of Meegan Down vote reply of Meegan
Add a Comment