I had a very confusing error. When I tried to add an account, all I got was “
could not verify host name”. And the logs said nothing more than “
Using documented SNI with host name …” and then nothing. Which of course was utterly useless, since the certificates were perfectly fine.
That in itself is already an error, IMHO…
I had to use wireshark to dump the traffic. In there, I noticed that DAVdroid’s SSL Client Hello only offered a rather sorry set of ciphers. No
RC4 and even
3DES still enabled. Completely insecure and outdated.
The best cipher in there was on a SSL3 level.
ECDHE-RSA-AES256-SHA. (Which uses
The thing is, that I banned everything below
and only have the
AES128 ones in there “because” Firefox still fails to support
SHA384, according to the devs.
And not having
umac-etm is already bad enough from a security standpoint…
When I added the above poor cipher to my apache cipher suite, everything worked.
So now I had to wrap everything into a VPN, just to delude myself into having some security.
Conclusion: Could you please update the used cipher suite? Thanks.