@rfc2822 Just an update ... Testing with an "Android 6 Device" it's working, and testing with "CardDav Sync free" it's also working ... so it should be the issue with DavDroid & Android 7 - acutally I'm using the latest Version of DavDroid (184.108.40.206).
Thank you for your support.
Maybe you can try entering https://example.com/webdav/user in your browser to see whether it works. Seems like a SSL error, and maybe you can check your network (try different WiFi / mobile data) and the server SSL configuration.
I wonder if you support HPKP. In case not, it would be awesome if you'll add support.
E.g. Posteo supports it and it can be easily implemented as it is just a HTTP header. However the result is a huge security improvement making MITM attacks much more difficult.
Due to security reasons, my owncloud is only accessable via client certificates . Currently all requests from my smartphone (Android 6) are rejected, even if i am able to access the server with chrome. (Chrome supports client certificates)
If you need a test environment, i can set up a testserver for you.
Well this is weird. I don't use CAdroid. I place SSL cert in webserver root. Navigate to it via web browser, then download and add to trusted credentials. This is how I have always performed this on my phone since initially I believe some time ago CAdroid did not like self signed certificates.
CAdroid is only a helper for the Android certificate import process. It downloads the certificate from a HTTPS server, saves it in the format required by Android and then calls the Android "Import certificate" dialog.
Android didn't like self-signed certificates without CA flag. So, CAdroid shows a warning for certificates without CA flag, because they won't work with most Android devices. Nothing more. So, if you can import your certificate using a browser, you can also import it using CAdroid, and the other direction.
However, this is only required if you need the certificate to be valid for all system apps (e.g. email app, etc.). If you import a certificate, it will be valid for all apps, including DAVdroid. However…
Is it possible to accept self-signed cert in DavDroid?
… if you only use the certificate with DAVdroid, there's no need to import it. DAVdroid handles self-signed certificates on its own using MemorizingTrustManager. So, if you connect to a server and add the certificate in DAVdroid, it won't show up in the system/user certificates, because only DAVdroid knows that its valid and stores it in its own keystore (<davdroid>/KeyStore/KeyStore.bks).
I do not see the cert in my user trusted credentials on the tablet. I don't believe I set this connection up via http, but cannot see how to check short of removing the account. Let me know if there is a way to check if this connection (account) web address without removing account.
I don't know what you mean. What exactly do you want to check?
Thanks. BTW paid for app (davdroid) in play store. This app is looking good design wise. Thanks.
Indeed, line 66, I read : "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",
Unlike the other lines, where I read ciphers names with "ECDHE" inside.
Of course it has to be ECDHE (elliptic-curve Diffie-Hellman ephemeral) and not ECHDE. Will be fixed in future versions (although it only applies to Android 4.x devices). In the meanwhile, I suggest to allow CBC (and not only GCM).