SSL handshake timed out



  • Hi,

    Sorry to ask for help but I didn’t find a related solution and tried many things but problem still appears.
    When trying to connect to my Nextcloud server, I get the following error during sync :

    --- BEGIN DEBUG INFO ---
    SYNCHRONIZATION INFO
    Account name: account_changed@account.com
    
    EXCEPTION:
    java.net.SocketTimeoutException: SSL handshake timed out
    	at org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    	at org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:406)
    	at org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
    	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:367)
    	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:325)
    	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:197)
    	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:249)
    	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:108)
    	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:76)
    	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:245)
    	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
    	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:82)
    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
    	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
    	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
    	at okhttp3.brotli.BrotliInterceptor.intercept(BrotliInterceptor.kt:39)
    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
    	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:197)
    	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:148)
    	at at.bitfire.dav4jvm.DavResource$propfind$1.invoke(DavResource.kt:325)
    	at at.bitfire.dav4jvm.DavResource$propfind$1.invoke(DavResource.kt:36)
    	at at.bitfire.dav4jvm.DavResource.followRedirects(DavResource.kt:380)
    	at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:320)
    	at at.bitfire.davdroid.DavService$refreshCollections$1.invoke(DavService.kt:194)
    	at at.bitfire.davdroid.DavService$refreshCollections$1.invoke$default(DavService.kt:157)
    	at at.bitfire.davdroid.DavService.refreshCollections(DavService.kt:278)
    	at at.bitfire.davdroid.DavService.access$refreshCollections(DavService.kt:38)
    	at at.bitfire.davdroid.DavService$onStartCommand$$inlined$let$lambda$1.invoke(DavService.kt:75)
    	at at.bitfire.davdroid.DavService$onStartCommand$$inlined$let$lambda$1.invoke(DavService.kt:38)
    	at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:30)
    
    SOFTWARE INFORMATION
    * at.bitfire.davdroid 3.0-ose2 (300000004) from com.android.packageinstaller
    * org.dmfs.tasks 1.2.3 (77600) from com.android.vending
    * com.android.providers.contacts 7.0 (19)
    * com.android.providers.calendar 7.0 (24)
    * com.samsung.android.contacts 3.2.00.8 (320000008)
    * com.samsung.android.calendar 4.0.06.502 (400600502)
    
    CONNECTIVITY (at the moment)
    - [ Transports: WIFI Capabilities: WIFI_P2P&NOT_RESTRICTED&TRUSTED&NOT_VPN LinkUpBandwidth>=1048576Kbps LinkDnBandwidth>=1048576Kbps]
    - [ Transports: WIFI Capabilities: NOT_METERED&INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN&VALIDATED LinkUpBandwidth>=1048576Kbps LinkDnBandwidth>=1048576Kbps SignalStrength: -65]
    
    CONFIGURATION
    Power saving disabled: yes
    Notifications (not blocked):
    Permissions:
      READ_CONTACTS: granted
      WRITE_CONTACTS: granted
      READ_CALENDAR: granted
      WRITE_CALENDAR: granted
      READ_TASKS: granted
      WRITE_TASKS: granted
      ACCESS_COARSE_LOCATION: denied
    System-wide synchronization: automatically
    
    ACCOUNTS
    Account: account_changed@account.com
      Address book sync. interval: 240 min
      Calendar     sync. interval: 240 min
      OpenTasks    sync. interval: 240 min
      WiFi only: false
      [CardDAV] Contact group method: CATEGORIES
      [CalDAV] Time range (past days): 90
               Manage calendar colors: true
               Use event colors: false
    Address book account: Contacts (account_changed@account.com Kw)
      Main account: Account {name=account_changed@account.com, type=bitfire.at.davdroid}
      URL: https://changed-address.com/remote.php/dav/addressbooks/users/changed_user/contacts/
      Sync automatically: true
    
    SQLITE DUMP
    android_metadata
    	|  locale |
    	|  fr_FR |
    ----------
    service
    	|  id | accountName | type | principal |
    	|  1 | account_changed@account.com | carddav | https://changed-address.com/remote.php/dav/principals/users/changed_user/ |
    	|  2 | account_changed@account.com | caldav | https://changed-address.com/remote.php/dav/principals/users/changed_user/ |
    ----------
    sqlite_sequence
    	|  name | seq |
    	|  service | 2 |
    	|  homeset | 2 |
    	|  collection | 3 |
    ----------
    homeset
    	|  id | serviceId | url | privBind | displayName |
    	|  1 | 2 | https://changed-address.com/remote.php/dav/calendars/changed_user/ | 1 | <null> |
    	|  2 | 1 | https://changed-address.com/remote.php/dav/addressbooks/users/changed_user/ | 1 | <null> |
    ----------
    collection
    	|  id | serviceId | type | url | privWriteContent | privUnbind | forceReadOnly | displayName | description | color | timezone | supportsVEVENT | supportsVTODO | supportsVJOURNAL | source | sync |
    	|  1 | 2 | CALENDAR | https://changed-address.com/remote.php/dav/calendars/changed_user/personal/ | 1 | 1 | 0 | Personnel | <null> | <null> | <null> | 1 | 1 | 0 | <null> | 0 |
    	|  2 | 2 | CALENDAR | https://changed-address.com/remote.php/dav/calendars/changed_user/contact_birthdays/ | 0 | 0 | 0 | Anniversaires des contacts | <null> | -54 | <null> | 1 | 0 | 0 | <null> | 0 |
    	|  3 | 1 | ADDRESS_BOOK | https://changed-address.com/remote.php/dav/addressbooks/users/changed_user/contacts/ | 1 | 1 | 0 | Contacts | <null> | <null> | <null> | <null> | <null> | <null> | <null> | 1 |
    ----------
    room_master_table
    	|  id | identity_hash |
    	|  42 | hash_changed |
    ----------
    
    SYSTEM INFORMATION
    Android version: 7.0 (NRD90M.A510FXXS8CSF3)
    Device: samsung SM-A510F (a5xelte)
    
    --- END DEBUG INFO ---
    

    Certificate is from Letsencrypt.

    I tried the recommended SSL/TLS configuration for the Apache server (currently i’m using the modern quite restrictive) but it doesn’t changed anything. Also Nextcloud application works well, that’s why I believe the problem may come from Davx5…

    TLS 1.2 and TLS 1.3 are enabled on the server side.

    TLS 1.3

    TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS	128
    TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS	256
    TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS	256
    

    TLS 1.2

    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS	128
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp521r1 (eq. 15360 bits RSA)   FS	128
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS	256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp521r1 (eq. 15360 bits RSA)   FS	256
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH secp521r1 (eq. 15360 bits RSA)   FS	256.
    

    Thanks in advance for your help.

    LoiX

    PS : Also to contribute a bit at this cool project, I’ve just finished the French translation.


  • admin

    Can you send us a hostname where we can check this ourselfes? Did you select “Distrust system certificates” in the DAVx5 settings? Can you check that?

    Thank you for the translation!


Log in to reply
 

Similar topics

  • 1
  • 16
  • 4