Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL initialisation failed #1960

Closed
dm-m opened this issue Jan 14, 2018 · 3 comments
Closed

SSL initialisation failed #1960

dm-m opened this issue Jan 14, 2018 · 3 comments

Comments

@dm-m
Copy link

dm-m commented Jan 14, 2018

Actual behaviour

The app is unable to establish initial connection with the host. This error is shown:
"SSL initialisation failed"

Expected behaviour

The connection should be established and user should receive a possibility to log in.

Steps to reproduce

  1. Install Nextcloud app on Samsung J5 (2017)
  2. Type in the domain name of Nextcloud server.
  3. Receive error.

Environment data

Android version: 7.0

Device model: Samsung J530FXXU1AQI3

Stock or customized system: stock (Samsung Experience - 8.1)

Nextcloud app version: 2.0.0 (tried both Playmarket and F-Droid)

Nextcloud server version: 12.0.4

Logs

Web server error log

No logs

Nextcloud log (data/nextcloud.log)

No logs

The thing is that the issue is more than weird. I do have an older smartphone Meizu M2 with Android 5.1 and Flyme OS 4.5.3I and Nextcloud app is working well with Nextcloud server.

Here is server SSL configuration:

        listen 443 ssl http2;
        ssl on;
        ssl_certificate /etc/nginx/ssl/ec.crt;
        ssl_certificate_key /etc/nginx/ssl/ec.key;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305 EECDH+ECDSA+AESGCM !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !SEED !CAMELLIA";
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_ecdh_curve auto;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/ssl/full-chain.crt;

The certificate is generated with secp384r1 elliptic curve and Must-Staple extension, however that shouldn't be a problem, since it is working with older Android.

I commented each additional directive one by one until just a standard SSL setup left and tested the app but it didn't connect.

Unfortunately, the device is not rooted and I'm not able to get logs from Samsung, tried with CatLog.

Server details if needed:
OS: Ubuntu 16.04
Web server: Nginx 1.13.6
OpenSSL: 1.1.0f 25 May 2017
PHP: 7.0.15
@dm-m
Copy link
Author

dm-m commented Jan 14, 2018

Found details about regression in Android 7.0: https://issuetracker.google.com/issues/37122132
I will regenerate a cert with another curve and update the issue with results.

@dm-m
Copy link
Author

dm-m commented Jan 14, 2018
edited
Loading

I reissued the certificate with prime256v1 curve and got it working.
Closing the issue.

@dm-m dm-m closed this as completed Jan 14, 2018
Closed
Closed
@cassdel
Copy link

cassdel commented Mar 31, 2019

Hello.. can you please let me know if you're aware of any regressions? Samsung S8+ with same behaviour, with latest version of NC app.
I believe that the SSL Certificate is broken again. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dm-m @cassdel