No connection between Nextcloud & Davdroid
Setup: NC 11.0.2 / DavDroid 1.4.1
CardDav on iOS is working / Android with DavDroid not …
Maybe someone can help me.
Thanks a lot
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7430a21800: Failure in SSL library, usually a protocol error error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x744c571d80:0x00000001) error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x744c7702db:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364) ... 36 more
There’s a TLS problem. Did you make sure your server TLS settings are correct and compatible with your Android version?
I’m using NGINX 1.10.11.
Here is my ssl-setup. I know it seems not to be an DavDroid-Problem, but I would appreciate if you or another one have a hint to solve this problem.
Does it work with default TLS settings?
I’m not so experienced, but this setup works on iOS. If you have an line to edit I can test it …
@rfc2822 Just an update … Testing with an “Android 6 Device” it’s working, and testing with “CardDav Sync free” it’s also working … so it should be the issue with DavDroid & Android 7 - acutally I’m using the latest Version of DavDroid (188.8.131.52).
Thank you for your support.
So the issue indeed seems to be with Android 7 in some way, depending on how you configured your server, I’ll just copy a github comment i accidentally made to the wrong place.
I can confirm that the f-droid version was affected, the offending nginx config is this:
other relevant ssl config lines:
So with that option commented out it’s working fine, I’m on 184.108.40.206-ose from f-droid and android 7.
Apparently Android 7 supports only up to secp256r1, this was supposedly fixed in 7.1.1.
Aside that, a bit of a rant, why are gitlab issues not enabled and instead this forum is used as a bug report tool? I have to create yet another account and wade through 5 google captchas just to write this.