andresth / Kandroid

Android App for http://kanboard.net
GNU General Public License v3.0

"This server uses a version below 1.0.38. Please Upgrade." mistakenly reported #12

Closed dejj closed 7 years ago

dejj commented 7 years ago

Please, do not create duplicate issues

Actual behaviour

When signing into Kanboard Server 1.0.41, Kandroid reports "This server uses a version below 1.0.38. Please Upgrade."

Expected behaviour

Kandroid should detect the correct server version and login should succeed OR Kandroid should report that it cannot detect the version due to some error and hint at the likely cause (perhaps path or certificate issue)

Steps to reproduce

5 similar issues were closed with "I didn't include the full path to my kanboard server. Rookie mistake."

Such does not apply since "https://kandroid.myserver.com" is the full path in this case.

Configuration

andresth commented 7 years ago

Hi,

I just tried to reproduce the behaviour on my server, which uses the configuration you described. What I found is that the App wrongly raises the version error when the login credentials are wrong or the user is blocked due to too many failed logins. This is definitely a bug.

But, I was unable to reproduce the behaviour in general.

Do you use redirects in your server configuration? If you're able to run curl on one of your computers, can you please send me the output of

curl -v \
-u "username:password" \
-d '{"jsonrpc": "2.0", "method": "getVersion", "id": 1}' \
https://kandroid.myserver.com/jsonrpc.php

bahnfrei commented 7 years ago

same issue here...

Browser-based access to Kanboard works without any problem. The private CA has been installed in the Android trust store and is used by other apps successfully.

curl test output:

*   Trying n.n.n.n...
* Connected to example.com (n.n.n.n) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: example.com
* Server certificate: example.com RootCA v2
* Server auth using Basic with user 'foobar'
> POST /kanboard/jsonrpc.php HTTP/1.1
> Host: example.com
> Authorization: Basic Dc3MTQ1YTFiMDkyODIy=
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 51
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 51 out of 51 bytes
< HTTP/1.1 200 OK
< Server: nginx
< Date: Thu, 06 Apr 2017 10:39:33 GMT
< Content-Type: application/json
< Content-Length: 42
< Connection: keep-alive
<
* Connection #0 to host example.com left intact
{"jsonrpc":"2.0","result":"1.0.41","id":1}

Is there any possibility to debug the Kandroid app on the phone, any logs or something else? I assume the problem could be linked to the X.509 certificate, as ssldump on the reverse proxy machine indicates:

...
1 4  0.0438 (0.0000)  S>CV3.3(589)  Handshake
      ServerKeyExchange
1 5  0.0438 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
1 6  0.0605 (0.0167)  C>SV3.3(2)  Alert
    level           fatal
    value           certificate_unknown
1    0.0611 (0.0005)  C>S  TCP RST

dejj commented 7 years ago

Here's the curl output for the version query when the login succeeded (query failed when I used dummy credentials on my server):

* Hostname was NOT found in DNS cache
*   Trying 1.2.3.4...
* Connected to kanboard.myserver.com (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: CN=kanboard.myserver.com
*    start date: 2017-04-04 19:55:00 GMT
*    expire date: 2017-07-03 19:55:00 GMT
*    subjectAltName: kanboard.myserver.com matched
*    issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*    SSL certificate verify ok.
* Server auth using Basic with user 'dejj'
> POST /jsonrpc.php HTTP/1.1
> Authorization: Basic c2VhbjoxMjM0NTy=
> User-Agent: curl/7.35.0
> Host: kanboard.myserver.com
> Accept: */*
> Content-Length: 51
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 51 out of 51 bytes
< HTTP/1.1 200 OK
< Date: Thu, 06 Apr 2017 11:19:47 GMT
* Server Apache/2.2.22 (Debian) is not blacklisted
< Server: Apache/2.2.22 (Debian)
< X-Powered-By: PHP/5.4.45-1~dotdeb+6.1
< Content-Length: 42
< Content-Type: application/json
< 
* Connection #0 to host kanboard.myserver.com left intact
{"jsonrpc":"2.0","result":"1.0.41","id":1}

bahnfrei commented 7 years ago

OK, the issue is definitely caused by making use of a private CA. I've replaced the server cert with a Let's Encrypt signed one and everything works like a charm. Any idea why Kandroid doesn't honor the private CA installed in the Android trust store?

andresth commented 7 years ago

@dejj it looks like your server is still using SSL v3, I think Google deactivated this a few versions ago.

@bahnfrei, Kandroid does not have any effect on the trust store, it only requests a connection via the Android API. It could be that there is an issue with your certificate (in my experience it can be something minor like a missing name) and Android is cancelling the connection. Right now Kandroid does not handle SSL errors; I will add this in the next version and run some tests with a private CA.
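As an added example (not Kandroid's code), the following Python classifier shows how the getVersion check from the curl command above could keep the outcomes described in this thread apart: a TLS handshake abort, wrong credentials or a locked account, an HTML page from the wrong URL, a "master" dev build, and a genuinely old server. The sample responses are constructed, and the 401 JSON body is an assumption about how Kanboard answers a failed login.

```python
import json
import re
from typing import Optional, Tuple

MIN_VERSION = (1, 0, 38)   # threshold named in the app's error message


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.0.41' into (1, 0, 41); return None for non-numeric results such as 'master'."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify_version_check(status: Optional[int], body: str,
                           tls_error: Optional[str] = None) -> str:
    """Classify one getVersion attempt so that each failure mode gets its own label
    instead of the blanket 'version below 1.0.38' message."""
    if tls_error is not None:
        return "tls_error: " + tls_error        # handshake aborted, e.g. certificate_unknown
    if status in (401, 403):
        return "auth_failed"                     # wrong credentials or account locked out
    if status != 200:
        return "http_%s" % status                # redirect, 404 (wrong path), 5xx ...
    try:
        reply = json.loads(body)
    except json.JSONDecodeError:
        return "not_jsonrpc"                     # e.g. an HTML login page from the wrong URL
    if not isinstance(reply, dict) or reply.get("jsonrpc") != "2.0":
        return "not_jsonrpc"
    if "result" not in reply:
        return "rpc_error"                       # JSON-RPC error object instead of a result
    version = parse_version(str(reply["result"]))
    if version is None:
        return "dev_build: " + str(reply["result"])   # "master" from a git checkout
    return "ok" if version >= MIN_VERSION else "too_old"


# Constructed samples (not captured traffic); the 401 body is an assumption about Kanboard.
SAMPLES = {
    "good":     (200, '{"jsonrpc":"2.0","result":"1.0.41","id":1}', None),
    "master":   (200, '{"jsonrpc":"2.0","result":"master","id":1}', None),
    "old":      (200, '{"jsonrpc":"2.0","result":"1.0.30","id":1}', None),
    "badauth":  (401, '{"jsonrpc":"2.0","error":{"code":401,"message":"Unauthorized"},"id":null}', None),
    "wrongurl": (200, '<!DOCTYPE html><html><body>Login</body></html>', None),
    "privca":   (None, '', 'certificate_unknown'),
}


def run_samples() -> dict:
    return {name: classify_version_check(*args) for name, args in SAMPLES.items()}
```

Checking the status code before parsing the body also avoids retrying the login on every parse failure, which is what locks the account out on the server side.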

dejj commented 7 years ago

@andresth It seems the server is using SSL v3 from the messages. However, I disabled SSLv3 in haproxy (no-sslv3). Calling curl with the "--tlsv1" option produces the same result ("SSLv3, TLS handshake"), whereas "curl --sslv3" results in a handshake failure.

Also, each time I try the login from Kandroid, it floods my server with failed login attempts, causing the server to lock my account.

chriham commented 7 years ago

I have this problem too. But I think the app cannot handle the self-signed certificate of my server. The curl request printed out that the certificate is "not trusted"... yeah, that's correct. Maybe this causes this error with "wrong version"...

croulibri commented 7 years ago

I face the same problem, so I can't connect with Kandroid. Connection to Kanboard works flawlessly from Firefox, so the user is not banned and the ID/password are correct. My certificate is TLS 1.2 from Gandi.net and Kanboard is installed on a shared hosting platform (https://www.web4all.fr/). I guess my certificate should be accepted.

But I still have "This server uses a version below 1.0.38. Please Upgrade." :-(

dejj commented 7 years ago

I was able to log in after upgrading to Kandroid 0.5.3. The issue seems to have been resolved.

Bretos commented 7 years ago

Hi,

This is also raised when the version is master:

{"jsonrpc":"2.0","result":"master","id":1}

andresth commented 7 years ago

@Bretos, I opened a new issue #15 for your problem

natrius commented 7 years ago

I had the same problem; it's gone now after the last update. I have a different error message now; a new issue was created.