Did you have a look here: https://www.davx5.com/faq/synchronization-is-not-run-as-expected
The logs show a SSL problem, but I am pretty sure it is well configured on my server. I am using a Let’s Encrypt certificate. SSL Labs website shows that my server is well configured for Android 7.0.
Thanks for your help
It’s surely a TLS problem:
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed ... 38 more Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x753f0f21c0: Failure in SSL library, usually a protocol error error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x753f0344a0:0x00000001) error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x753cac2f76:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) ... 37 more Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x753f0f21c0: Failure in SSL library, usually a protocol error error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:610 0x753f0344a0:0x00000001) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) ... 37 more
Unfortunately, I can’t reproduce that with our testing devices.
How do you connect to the server? WiFi/mobile? Did you try another connection?
Can you access the URL with your Android device’s browser?
What do the Web server logs say?
I tried mobile and many WiFi connections.
I can access to the URL with my Android device’s browser (for instance https://baikal.alela.fr/dav.php). Only DAVdroid is not able to connect to my server.
It seems that the web server does not log ssl errors.
Thanks to you, I finally found the problem. In my nginx configuration, I forced the elliptic curve to be secp384r1 which is supported by Android 7.0 according to https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=7.0&key=139.
It seems that it is not supported by whatever DAVdroid uses to make a secured connection. I change the nginx configuration to
ssl_ecdh_curve auto; and now I can connect to my server with DAVdroid.
@Alela It seems that the SSLLabs Android ciphers refer to the default browser (Chrome?) on those platforms, which has a separate TLS stack which is not the system stack.
DAVdroid can only use the system stack. You can find a list of cipher which is supported by the Android default TLS stack in the SDK docs: SSLEngine (Default configuration for different Android versions).