No connection between Nextcloud & Davdroid

DAVx⁵
Log in to reply
  • T

    Setup: NC 11.0.2 / DavDroid 1.4.1
    CardDav on iOS is working / Android with DavDroid not …

    Debug-Info

    Maybe someone can help me.
    Thanks a lot

    0
  • R
    developer 

    	Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7430a21800: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0x744c571d80:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:800 0x744c7702db:0x00000000)
		at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
		at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:364)
		... 36 more

    There’s a TLS problem. Did you make sure your server TLS settings are correct and compatible with your Android version?

    0
  • T

    Hi rfc2822

    I’m using NGINX 1.10.11.
    Here is my ssl-setup. I know it seems not to be an DavDroid-Problem, but I would appreciate if you or another one have a hint to solve this problem.

    Thank you

    0
  • R
    developer

    Does it work with default TLS settings?

    0
  • T

    I’m not so experienced, but this setup works on iOS. If you have an line to edit I can test it …

    0
  • T

    @rfc2822 Just an update … Testing with an “Android 6 Device” it’s working, and testing with “CardDav Sync free” it’s also working … so it should be the issue with DavDroid & Android 7 - acutally I’m using the latest Version of DavDroid (1.5.0.2).
    Thank you for your support.

    0
  • J

    So the issue indeed seems to be with Android 7 in some way, depending on how you configured your server, I’ll just copy a github comment i accidentally made to the wrong place.

    I can confirm that the f-droid version was affected, the offending nginx config is this:
    ssl_ecdh_curve secp384r1;

    other relevant ssl config lines:

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    So with that option commented out it’s working fine, I’m on 1.6.1.1-ose from f-droid and android 7.

    Apparently Android 7 supports only up to secp256r1, this was supposedly fixed in 7.1.1.

    Aside that, a bit of a rant, why are gitlab issues not enabled and instead this forum is used as a bug report tool? I have to create yet another account and wade through 5 google captchas just to write this.

    0

Similar topics

  • A


    DAVx⁵

    4
  • A


    DAVx⁵

    8
  • P


    DAVx⁵

    19