search

RocketChat / Rocket.Chat.ReactNative

Rocket.Chat mobile clients
https://rocket.chat
MIT License
2k stars 1.17k forks source link

[TLSv1.3] App stopped working on iOS and Android #2844

Open leitmori opened 3 years ago

leitmori commented 3 years ago

Description:

Login does not work on iOS and Android. Logged-in users only see the "Waiting for network..." notice. No problems in desktop app or browser.

Environment Information:

Steps to reproduce:

  1. Enter workspace URL
  2. Enter credentials
  3. Press "Login"

Expected behavior:

User is now logged in and can chat.

Actual behavior:

Nothing happens.

Additional context:

Affects both SAML users and local users. SAML users see the login screen again after successful authentication. Debug log contains only server.js:204 API ➔ debug POST: /api/v1/login.

Access log: Screen Shot 2021-01-28 at 12 47 15

Nginx config (running under Plesk Obsidian):

location ~ ^/.* {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;
    proxy_http_version 1.1;

    proxy_redirect off;
}
diegolmello commented 3 years ago

Do you see the issue on https://open.rocket.chat?

leitmori commented 3 years ago

No, it works with https://open.rocket.chat

diegolmello commented 3 years ago

Ok. Can you create a test user for me on your server and send the credentials to https://open.rocket.chat/direct/diego.mello? Then I can add it to next sprint. Thanks.

leitmori commented 3 years ago

I just looked into more log files of our server. Tonight Plesk Obsidian 18.0.33 was installed, updating the "TLS versions and ciphers by Mozilla" (https://statics.tls.security.mozilla.org/server-side-tls-conf-5.0.json). The "Modern" preset we selected (TLSv1.3) seems to break the app, no problems with the "Intermediate" preset.

leitmori commented 3 years ago

We will temporarily use the "Intermediate" preset with TLSv1.2 support.

torygg commented 3 years ago

Same problems here... not even a login page showing on Smartphone/Android...

Environment Information: Rocket.Chat Server Version: 3.11.0 Rocket.Chat App Version: 4.14.0 Device Name: Google Pixel 5 OS Version: Android 11

Address: chat.mdc-ce.de

Enabling lower TLS did not help... not even 1.2 or 1.1

hugoboos commented 2 years ago

We have the same symptoms. Logged in users see "Waiting for network..." and if you want to login nothing happens after pressing the login button.

I tried debugging with the iOS simulator, but couldn't get it working 1-2-3. I'm willing to debug it further but then I can use some assistance.

Brudertac commented 1 year ago

Is this still actual? Have Setup new Rocket.Chat Server (5.2) with Apache Reverse Proxy and have big Problems with the Mobile Android App... Thanks.

diegolmello commented 1 year ago

Yes. TLS 1.3 is an issue on mobile apps still. Apple still doesn't have support for it on Websockets, for example.