iOS app is nagging with popup when server is configured for optional mtls / client certificate

[ne20002]

Steps to reproduce

I have a Nginx reverse proxy in front of my Nextcloud server. I've set up the server to support optional mTLS / client certificates where those are signed by my own CA.

The iOS app is now nagging me with reoccurring popup stating the server certificate has changed. Which indeed does not have changed.

This is the Nginx setup:

    ssl_certificate         /etc/letsencrypt/live/<myserver>/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<myserver>/privkey.pem;

    ssl_stapling            off;

    ssl_client_certificate  /etc/nginx/client_certs/clientCertsCA-chain.pem;
    ssl_verify_client       optional_no_ca;
    ssl_verify_depth        1;

The server's certificate is a valid LetEncrypt certificate. The clientCertsCA-chain.pem is the root certificate of my own CA with which the client certificates are signed.

Expected behaviour

As long as I have not added a client certificate to the iOS app / device, nothing particularily should happen. The app should not show any error popups.

Actual behaviour

Any few minutes or on actions in the app like update or download of a file, the following popup appears:

Actually, the Android client behaves as before as well as the Linux client and all Dav clients. Adding a client certificate to Firefox also works as expected (without any error using the cleint certificate for authentication against the server).

I have rechecked by temporarily disabling the client certificate verification (popups does not appear then).

iOS version: e.g. latest iOS on iPhone 8

Nextcloud iOS app version: Nextcloud-iOS/5.2.6

Server operating system: Debian Bookworm

Web server: Nginx

Database:

PHP version:

Nextcloud version: 28.0.5