Strange, my android firefox worked on verifying ssl certificate… But it was that, it works if I use a crt+chain file instead of only crt. Thanks !
Please see the screen shot below. I’m using mac os server, trying to connect to the address book service. I can connect to this server using Evolution, so I know it is working. I can also connect to this server in firefox. I’m using cyanogenmod 10.2.1 .
According to the error message, the server offers only unsupported SSL/TLS protocols. DAVdroid doesn’t allow SSLv3 anymore (as it’s now unsecure, see NIST recommendations). Is it possible that the server doesn’t offer TLSv1+ but only SSLv3 or below?
I can connect to this server using Evolution, so I know it is working.
Evolution used SSLv3 only (yes, no TLS!) even at the time when POODLE was discovered. However, this was soon patched.
By the way, I think the path should be
Any news on this?
You’re right, principles is spelled wrong. I don’t think that was the issue that caused the error above though based on all the testing I did do.
It’s an older machine and it’s likely has outdated SSL/TLS. Same thing with the evolution client version I was using to test with. It would be nice if the error message were more human readable though. Since this didn’t work and I don’t have time to update the server now, I’m not going to do any more troubleshooting and I disabled the address book service for security reasons after finding out that it didn’t work. Any new server I build will not be mac os, so I’m not sure if further troubleshooting efforts would even be worthwhile with the current server.