No connection between Nextcloud & Davdroid



  • Setup: NC 11.0.2 / DavDroid 1.4.1
    CardDav on iOS is working / Android with DavDroid not ...

    Debug-Info

    Maybe someone can help me.
    Thanks a lot


  • developer

    	Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7430a21800: Failure in SSL library, usually a protocol error
    error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x744c571d80:0x00000001)
    error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x744c7702db:0x00000000)
    		at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    		at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
    		... 36 more
    

    There's a TLS problem. Did you make sure your server TLS settings are correct and compatible with your Android version?



  • Hi rfc2822

    I'm using NGINX 1.10.11.
    Here is my ssl-setup. I know it seems not to be an DavDroid-Problem, but I would appreciate if you or another one have a hint to solve this problem.

    Thank you


  • developer

    Does it work with default TLS settings?



  • I'm not so experienced, but this setup works on iOS. If you have an line to edit I can test it ...



  • @rfc2822 Just an update ... Testing with an "Android 6 Device" it's working, and testing with "CardDav Sync free" it's also working ... so it should be the issue with DavDroid & Android 7 - acutally I'm using the latest Version of DavDroid (1.5.0.2).
    Thank you for your support.



  • So the issue indeed seems to be with Android 7 in some way, depending on how you configured your server, I'll just copy a github comment i accidentally made to the wrong place.

    I can confirm that the f-droid version was affected, the offending nginx config is this:
    ssl_ecdh_curve secp384r1;

    other relevant ssl config lines:

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    So with that option commented out it's working fine, I'm on 1.6.1.1-ose from f-droid and android 7.

    Apparently Android 7 supports only up to secp256r1, this was supposedly fixed in 7.1.1.

    Aside that, a bit of a rant, why are gitlab issues not enabled and instead this forum is used as a bug report tool? I have to create yet another account and wade through 5 google captchas just to write this.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.