Me88, are you still having problems with this? I may be able to help.
No connection between Nextcloud & Davdroid
-
Setup: NC 11.0.2 / DavDroid 1.4.1
CardDav on iOS is working / Android with DavDroid not …Maybe someone can help me.
Thanks a lot -
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7430a21800: Failure in SSL library, usually a protocol error error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x744c571d80:0x00000001) error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x744c7702db:0x00000000) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364) ... 36 more
There’s a TLS problem. Did you make sure your server TLS settings are correct and compatible with your Android version?
-
Hi rfc2822
I’m using NGINX 1.10.11.
Here is my ssl-setup. I know it seems not to be an DavDroid-Problem, but I would appreciate if you or another one have a hint to solve this problem.Thank you
-
Does it work with default TLS settings?
-
I’m not so experienced, but this setup works on iOS. If you have an line to edit I can test it …
-
@rfc2822 Just an update … Testing with an “Android 6 Device” it’s working, and testing with “CardDav Sync free” it’s also working … so it should be the issue with DavDroid & Android 7 - acutally I’m using the latest Version of DavDroid (1.5.0.2).
Thank you for your support. -
So the issue indeed seems to be with Android 7 in some way, depending on how you configured your server, I’ll just copy a github comment i accidentally made to the wrong place.
I can confirm that the f-droid version was affected, the offending nginx config is this:
ssl_ecdh_curve secp384r1;other relevant ssl config lines:
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;So with that option commented out it’s working fine, I’m on 1.6.1.1-ose from f-droid and android 7.
Apparently Android 7 supports only up to secp256r1, this was supposedly fixed in 7.1.1.
Aside that, a bit of a rant, why are gitlab issues not enabled and instead this forum is used as a bug report tool? I have to create yet another account and wade through 5 google captchas just to write this.