No sync after server move and Nextcloud Update



  • I running Dav5x for years without any problems 🙂
    Now, my provider moved my nextcloud application to another server.
    After this move I Upgrade from Nextcloud 13.0.7 to 14.0.4

    Unfortunately I recognized some day later DAVx5 do not sync my calenders and contacts anymore ☹

    Unfortunately I currently have to use an Android 4.1 for other reasons and cannot migrate to the current version of Dav5x. At the moment DavDroid 1.8.1-ose is running.

    If have no idea what the reason for this problem.
    I tried to create a new sync, but this failed. I attached logging, I do not understand the information inside. debug.txt.zip

    SSL-Error? Any missing chipherspec etc. at the new server?
    Any problem with this old davdroid version and the new nextcloud?

    any help, hints and tips are welcome


  • developer

    Hello,

    2019-01-14 18:38:09 2 [HttpClient] <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5fb35350: Failure in SSL library, usually a protocol error
    error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x40eb376a:0x00000000)
    2019-01-14 18:38:09 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
    EXCEPTION javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5fb35350: Failure in SSL library, usually a protocol error
    error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x40eb376a:0x00000000)
    	at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:412)
    	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:299)
    	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268)
    
    […]
    
    Android version: 4.1.2 (JZO54K.N7100XXDMB2)
    

    It’s a TLS problem. Your server requires TLS ciphers which are not available on Android 4.1.2, which is quite old. See https://www.davx5.com/manual/security/ for more information.

    You will have to use ciphers which are available both on your server and your Android device.

    Does that help?



  • thanks for this hint
    I feared such a thing, but had the hope that it would not come true.

    is this a limitation of the server or of nextcloud version?
    Is it only a missing cipherspec or another tls-version?

    do I have a chance to fix this with my (very) old android version, which I can not leave at the moment 😞


  • developer

    @snowy said in No sync after server move and Nextcloud Update:

    is this a limitation of the server or of nextcloud version?
    Is it only a missing cipherspec or another tls-version?

    do I have a chance to fix this with my (very) old android version, which I can not leave at the moment 😞

    Yes, you have to set up TLS ciphers on the Web server (e.g. nginx, not Nextcloud) which are available on your Android device. See https://developer.android.com/reference/javax/net/ssl/SSLEngine for a list.



  • @rfc2822 said in No sync after server move and Nextcloud Update:

    Yes, you have to set up TLS ciphers on the Web server (e.g. nginx, not Nextcloud) which are available on your Android device. See https://developer.android.com/reference/javax/net/ssl/SSLEngine for a list.

    I saw this list, but I’m not sure, if understand this table.
    Android 4.2.1 seems to be API 17, right ?
    (https://developer.android.com/about/versions/android-4.2)

    SSL_RSA_WITH_DES_CBC_SHA 9-22
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 20-22

    First would be possible, second line not
    I interpret this correctly??


  • developer

    @snowy said in No sync after server move and Nextcloud Update:

    Android 4.2.1 seems to be API 17, right ?
    (https://developer.android.com/about/versions/android-4.2)

    Exactly.

    SSL_RSA_WITH_DES_CBC_SHA 9-22
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 20-22

    First would be possible, second line not
    I interpret this correctly??

    Exactly 🙂



  • @rfc2822 which confuses me, however, if the restriction comes from the apache server (newer cipherspecs), why can my Firefox on the same old phone then successful call the nextcloud via https/TLS?
    Here the same cipherspec restrictions of the old mobile phone should also lead to problems. But they don’t.


  • developer

    @snowy said in No sync after server move and Nextcloud Update:

    @rfc2822 which confuses me, however, if the restriction comes from the apache server (newer cipherspecs), why can my Firefox on the same old phone then successful call the nextcloud via https/TLS?

    Because Firefox doesn’t use the system TLS stack, but brings its own one (browsers are the only apps which do such things).



  • @rfc2822
    my phone is rooted, do you know a way to download and install newer cipherspec in the system TLS stack?


  • developer

    @snowy Only when you update to a new Android version



  • @rfc2822 now it becomes incomprehensible
    My provider has migrated my Nextcloud back to the old server. I assumed that this fixed the problem.
    But the problem remains. DAVx5 still gets a “SSL handshake aborted…usually a protocoll error”.
    What going wrong here? How can I get more detailed informations what missing now?


  • developer

    @snowy said in No sync after server move and Nextcloud Update:

    What going wrong here? How can I get more detailed informations what missing now?

    You will have to ask your server provide to enable compatible TLS ciphers, or install an Android version that supports the TLS ciphers required by your server.



  • @rfc2822, may application was moved back to the old server.
    now all cipherspecs are available again, nothing was changed on the old server !

    Only my Nextcloud was first migrated to a newer server, there Nextcloud was updated from 13.0.7 to 14.0.4, the problems occurred.
    now the Nextcloud has been moved back to the old server.

    But now it is still Nextcloud 14.0.4 !
    Could it be that it’s not the cipherspecs but the old DavDroid has a problem with Nextcloud 14.0.4?


 

Maybe you're interested in these topics?