Thank you very much!
It was not so easy to find out how to configure .well-known on my Nginx server, but once this has been done, it works perfectly!
Thank you again for the tip and the support.
Regards,
David
After Domain and SSL change, no connection (letsencrypt)
-
Hi, I have the following problem.
After a domain change and a change to Let's Encrypt, CalDAV / CardDAV no longer works, either in Thunderbird or in DAVdroid.
The DAVdroid log is this:
2017-05-12 07:51:47 750 [HttpClient$1] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><resourcetype /><displayname /><CARD:addressbook-description /><CARD:addressbook-home-set /><current-user-principal /></prop></propfind>
2017-05-12 07:51:47 750 [HttpClient$1] --> END PROPFIND (290-byte body)
2017-05-12 07:51:48 750 [HttpClient$1] <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: Handshake failed
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
EXCEPTION javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:268)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.java:211)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
at okhttp3.RealCall.execute(RealCall.java:69)
at at.bitfire.dav4android.DavResource.propfind(DavResource.java:276)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.checkUserGivenURL(DavResourceFinder.java:179)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:119)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:90)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:142)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:125)
at android.support.v4.content.AsyncTaskLoader.onLoadInBackground(AsyncTaskLoader.java:302)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:57)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:45)
at android.support.v4.content.ModernAsyncTask$2.call(ModernAsyncTask.java:138)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:776)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x73b7fe2a80: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x73cb596e20:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x73cb802f76:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 36 more
...
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] No principal found at user-given URL, trying to discover
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Looking up SRV records for _carddavs._tcp.nextcloud.BMK-Media.de
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Didn't find carddav service, trying at https://nextcloud.BMK-Media.de:443
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.bmk-media.de/.well-known/carddav
...
2017-05-12 07:51:48 750 [HttpClient$1] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2017-05-12 07:51:48 750 [HttpClient$1] --> END PROPFIND (198-byte body)
2017-05-12 07:51:48 750 [HttpClient$1] <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: Handshake failed
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] carddav service discovery failed
EXCEPTION javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:268)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.java:211)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
at okhttp3.RealCall.execute(RealCall.java:69)
at at.bitfire.dav4android.DavResource.propfind(DavResource.java:276)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.java:352)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.java:334)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:140)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:90)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:142)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:125)
at android.support.v4.content.AsyncTaskLoader.onLoadInBackground(AsyncTaskLoader.java:302)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:57)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:45)
at android.support.v4.content.ModernAsyncTask$2.call(ModernAsyncTask.java:138)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:776)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x73b7fe2a80: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x73b9c649c0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x73cb802f76:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 37 more
...
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Finding initial caldav service configuration
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Checking user-given URL: https://nextcloud.bmk-media.de/nextcloud/remote.php/dav
2017-05-12 07:51:48 750 [HttpClient$1] --> PROPFIND https://nextcloud.bmk-media.de/nextcloud/remote.php/dav http/1.1
...
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] No principal found at user-given URL, trying to discover
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Looking up SRV records for _caldavs._tcp.nextcloud.BMK-Media.de
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Didn't find caldav service, trying at https://nextcloud.BMK-Media.de:443
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.bmk-media.de/.well-known/caldav
2017-05-12 07:51:48 750 [HttpClient$1] --> PROPFIND https://nextcloud.bmk-media.de/.well-known/caldav http/1.1
...
2017-05-12 07:51:48 750 [HttpClient$1] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2017-05-12 07:51:48 750 [HttpClient$1] --> END PROPFIND (198-byte body)
2017-05-12 07:51:48 750 [HttpClient$1] <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: Handshake failed
2017-05-12 07:51:48 750 [ui.setup.DavResourceFinder] caldav service discovery failed
EXCEPTION javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:268)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.java:211)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
at okhttp3.RealCall.execute(RealCall.java:69)
at at.bitfire.dav4android.DavResource.propfind(DavResource.java:276)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.java:352)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.java:334)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:140)
at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.java:91)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:142)
at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$ServerConfigurationLoader.loadInBackground(DetectConfigurationFragment.java:125)
at android.support.v4.content.AsyncTaskLoader.onLoadInBackground(AsyncTaskLoader.java:302)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:57)
at android.support.v4.content.AsyncTaskLoader$LoadTask.doInBackground(AsyncTaskLoader.java:45)
at android.support.v4.content.ModernAsyncTask$2.call(ModernAsyncTask.java:138)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:776)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x73b7fe2a80: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x73b9c64780:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0x73cb802f76:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 37 more
Can someone help me? What is it and how do I fix it?
Nextcloud 11.0.3 (stable)
letsencrypt 0.14.0 - 2017-05-04
Nginx config:
ssl on;
ssl_certificate /etc/letsencrypt/live/nextcloud.bmk-media.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nextcloud.bmk-media.de/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.bmk-media.de/fullchain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128';
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
-
Edit: the ciphers are changed to:
EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
Here is the link to the SSL-Labs report:
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.bmk-media.de&hideResults=on
-
Can no one really help me?
The full Debug File here.
-
Did you have a look at https://forums.bitfire.at/topic/1242/elliptic-curve-ciphers-not-available-on-android-7? You can find a link with a list of ciphers supported by various Android versions there.
-
Thank you, that was the solution.
This works best for me, better than auto.
ssl_ecdh_curve secp384r1:prime256v1;
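
Why the one-line change above fixes the handshake, shown as an added example (not code from this thread or from DAVdroid): a static check of an nginx snippet's `ssl_ecdh_curve` list against the curves a client offers. It assumes an affected Android 7.0 client offers only prime256v1 and that the snippet holds a single server block; all function names are hypothetical.

```python
import re

# Assumption: a client hit by the Android 7.0 curve issue offers only this curve.
ANDROID_7_0_CURVES = ["prime256v1"]

# The same NIST curves under their SEC / NIST names, normalised to one spelling.
ALIASES = {"secp256r1": "prime256v1", "p-256": "prime256v1", "p-384": "secp384r1"}

def norm(name):
    name = name.strip().lower()
    return ALIASES.get(name, name)

def server_curves(nginx_conf):
    """Curve list from ssl_ecdh_curve, or None when the directive is absent
    or 'auto' (the list then depends on the OpenSSL build nginx links to)."""
    text = re.sub(r"#[^\n]*", "", nginx_conf)          # ignore comments
    m = re.search(r"\bssl_ecdh_curve\s+([^;]+);", text)
    if m is None or m.group(1).strip().lower() == "auto":
        return None
    return [norm(c) for c in m.group(1).split(":") if c.strip()]

def negotiate(server, client):
    """A curve both sides support, taken in the server's listed order."""
    offered = {norm(c) for c in client}
    return next((c for c in server if c in offered), None)

def audit(nginx_conf, client=ANDROID_7_0_CURVES):
    curves = server_curves(nginx_conf)
    if curves is None:
        return "unknown: curve list is chosen by the OpenSSL build"
    shared = negotiate(curves, client)
    if shared is None:
        return "fail: no shared curve for an ECDHE key exchange"
    return "ok: " + shared

# Directives copied from the posts above: the original setting and the fix.
BEFORE = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\nssl_ecdh_curve secp384r1;\n"
AFTER = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\nssl_ecdh_curve secp384r1:prime256v1;\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", audit(conf))
```

With secp384r1 still listed first, clients that support it keep negotiating it, while prime256v1-only clients now find a shared curve.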