nextcloud / client_theming

:computer: Nextcloud themed desktop client - Moved over to https://github.com/nextcloud/desktop
GNU General Public License v2.0

[Nextcloud 2.2.3.4 Mac OS] Initial connexion fails ('connection closed') with strong ciphers (TLS 1.1 & 1.2 only) #13

Closed serge-vk closed 6 years ago

serge-vk commented 8 years ago

Expected behaviour

When setting up a NextCloud account, after typing in the server address (https) in the 'Set up NextCloud server' dialogue and clicking 'next', the 'Enter user credentials' dialogue should be displayed.

Actual behaviour

A pop-up 'Connection failed' is shown with the message 'Failed to connect to the secure server address https://my.nextcloud.server/nextcloud. How do you wish to proceed?' If I click 'Select a different URL', I see the error message 'Failed to connect to Nextcloud at https://my.nextcloud.server/nextcloud/status.php: connection closed'.

OwnCloud client v. 2.2.2 (build 3472) works normally.

Steps to reproduce

  1. Install Nextcloud Mac OS client
  2. Start Nextcloud client application
  3. Try to connect to a server

Server configuration

Operating system: FreeBSD 10.3 p7
Web server: Nginx 1.11.3
Database: MariaDB 10.1.16
PHP version: 7.0.10
NextCloud version: 10.0 stable
Storage backend (external storage): ZFS data set (no external storage)

I think that this problem may be related to the cipher suite I configured in the web server. I have included the relevant lines from nginx.conf:

ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

Client configuration

Client version: 2.2.3 (build 4)
Operating system: Mac OS X 10.10.5, Mac OS X 10.9.5 (two test cases)
OS language: English UK
Installation path of client: /Applications/nextcloud.app

Logs

  1. Client log (the lines appended after clicking 'next'):
08-31 09:51:01:988 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://"
08-31 09:51:19:041 0x600000015640 unknown: QIODevice::read: device not open
08-31 09:51:19:045 0x600000015640 OCC::AbstractNetworkJob::start: !!! OCC::CheckServerJob created for "https://srv.addr/nextcloud" + "status.php" "OCC::OwncloudSetupWizard"
08-31 09:51:19:069 0x600000015640 OCC::AbstractNetworkJob::slotFinished: void OCC::AbstractNetworkJob::slotFinished() 2 "Connection closed" QVariant(Invalid)
08-31 09:51:19:070 0x600000015640 OCC::CheckServerJob::finished: error: status.php replied  0 ""
08-31 09:51:19:090 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://srv.addr/nextcloud"
08-31 09:51:30:630 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://srv.addr/nextcloud"
08-31 09:52:33:889 0x600000015640 OCC::SocketApi::slotNewConnection: SocketApi:  New connection SocketApiSocket(0x608000639560)
08-31 09:52:33:891 0x600000015640 OCC::SocketApi::sendMessage: SocketApi:  Sending message:  "SHARE_MENU_TITLE:Share with Nextcloud"
08-31 09:52:37:546 0x600000015640 -[DelegateObject updaterDidNotFindUpdate:]: -[DelegateObject updaterDidNotFindUpdate:] 
  2. Nginx error log (after clicking 'next'):
2016/08/31 09:17:16 [info] 42607#100990: *2241 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2242 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2243 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2244 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
  3. NextCloud log: No entries at the time of attempted connexion
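As an added example (not code from the issue or the Nextcloud project), a small parser for the nginx SSL_do_handshake() failure lines quoted above: it groups failures per client and reason, so a burst from one address reads as a client that cannot negotiate the server's TLS versions or cipher suites rather than as a server fault. The sample log lines and the 192.0.2.x addresses are constructed.

```python
# Added example; parses the nginx error-log format shown in the issue.
import re
from collections import defaultdict

# Constructed sample lines; addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2016/08/31 09:17:16 [info] 42607#100990: *2241 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2242 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2243 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2244 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2016/08/31 09:18:02 [info] 42607#100990: *2245 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 192.0.2.77, server: 0.0.0.0:443
2016/08/31 09:18:05 [error] 42607#100990: *2246 open() "/var/www/missing" failed (2: No such file or directory), client: 192.0.2.77, server: 0.0.0.0:443
"""

# timestamp, level, pid#tid, connection id, OpenSSL error triple, client, listen socket
HANDSHAKE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] \S+ \*\d+ "
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]+):"
    r"SSL routines:(?P<func>[^:]+):(?P<reason>[^)]+)\) while SSL handshaking, "
    r"client: (?P<client>[^,]+), server: (?P<server>\S+)$"
)


def parse_handshake_failures(log_text):
    """Return one dict per SSL_do_handshake() failure line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarise_by_client(events):
    """Map client address -> {OpenSSL reason string: count}."""
    summary = defaultdict(lambda: defaultdict(int))
    for ev in events:
        summary[ev["client"]][ev["reason"]] += 1
    return {client: dict(reasons) for client, reasons in summary.items()}


def clients_needing_attention(events, threshold=3):
    """(client, reason, count) for clients hitting the same failure >= threshold times.

    Repeated 'unknown protocol' or 'no shared cipher' from one address is the
    signature of a client limited to older TLS versions or suites, as in this issue."""
    return sorted(
        (client, reason, count)
        for client, reasons in summarise_by_client(events).items()
        for reason, count in reasons.items()
        if count >= threshold
    )
```

Run it over a real error log before changing ssl_protocols: if only one client address shows the pattern, the fix belongs on that client, not in the server's TLS configuration.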
serge-vk commented 8 years ago

I am not sure if this is the right tracker, but I got booted out of the tracker for the OwnCloud client.

LukasReschke commented 8 years ago

Please post your server address.

serge-vk commented 8 years ago

Hi Lukas, My server is behind a corporate firewall. I am willing to poke a hole in it for you to test the connexion, but to do that I would need the IP address (or a subnet at least) from where you would like to connect.

LukasReschke commented 8 years ago

I'd love a test with https://www.ssllabs.com/ssltest/analyze.html against it. Hard to have an IP range there :/

serge-vk commented 8 years ago

I will try opening the ssllabs IP address and running the test. If that does not work, I could set up a separate server with the same nginx configuration (maybe, just a test static page) and open it to outside. Would that be useful?

LukasReschke commented 8 years ago

Yes. Certainly :)

serge-vk commented 8 years ago

Hi Lukas, for the moment I hit an obstacle. SSL Labs requires a domain name to run tests. It refuses to work with IP addresses and so far we just used IP address to connect to the server. I could probably put up a proper DNS record and try again (though, that's another unplanned exercise). Maybe, I will try to tweak the Nginx configuration first and see if if makes any difference.

Groggy commented 8 years ago

https://demo.nextcloud.com has the same issue. So you can run SSL Labs on it: https://www.ssllabs.com/ssltest/analyze.html?d=demo.nextcloud.com

LukasReschke commented 8 years ago

Maybe https://github.com/owncloud/client/commit/127c107094bedddaa89ae6cd780494294c50207f, let's see…

freretuc commented 8 years ago

I have the same issue with the nextcloud server 10.0 and the nextcloud client (2.2.3 build 4) but the owncloud client (v2.2.3.3601) works fine.

serge-vk commented 8 years ago

I have been randomly changing my ssl configuration, modifying ciphers, protocols, &c and so far this is what I found: I kept getting the same error as originally reported until I enabled TLS v1.0 (ssl_protocols TLSv1;). So far, I haven't found any nginx configuration working with the NextCloud client with TLS v1.1 or 1.2 protocols.

LukasReschke commented 8 years ago

That makes sense. I guess it's https://github.com/owncloud/client/commit/127c107094bedddaa89ae6cd780494294c50207f, before I trigger that recompilation job (takes a lot of time…). Can you check if you have SNI enabled on the host?

If so, can you disable it for testing purposes? It should work then. That would help :)

serge-vk commented 8 years ago

The output of nginx -V on my server returns 'TLS SNI support enabled'. I have to confess, though, that I have no idea about how to disable it. I could probably try recompiling openssl with --disable-tlsext option. Do you know if there is a less invasive way?

farion commented 8 years ago

I have the same problem. The windows version works btw. Also the owncloud version worked for me. I tried also to enable TLSv1 on my nginx without luck.

serge-vk commented 8 years ago

Hi Farion. Just to make sure I was not inventing stuff, I enabled TLSv1 on my main server (before I was playing with a test VM that did not actually have NextCloud installed) and I am able to set up a NextCloud account through the Mac OS client normally. It seems to sync just fine as well, although I haven't made many changes so far. I am not going to keep this configuration, but from cursory testing, NextCloud client is perfectly functional with TLSv1 on my set-up (see the issue report).

sethrd commented 8 years ago

Enabling TLSv1 in nginx allows the client to work for me, but I'm not going to run an insecure protocol just to use the official client. The owncloud client works for the time being.

smoix commented 8 years ago

On Apache (CentOS 7), reverting from a secure configuration to the default settings "solves" this issue, but it's bad. Here is an example Apache configuration to test this issue:

Non-working secure config:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Working less-secure config:

SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Nextcloud client version 2.2.3 (build 4) has this issue, Owncloud client version 2.2.3 (build 3601) works fine.

serge-vk commented 8 years ago

On my set-up (see report), the only change I had to make was to add TLSv1 to the original statement ssl_protocols TLSv1.1 TLSv1.2;. The original strong cipher suites worked fine with TLSv1.0, but I need TLSv1.2, so I'll use OwnCloud client for the time being.

ghost commented 8 years ago

Generally I'd recommend checking against https://wiki.mozilla.org/Security/Server_Side_TLS and their provided server config generator https://mozilla.github.io/server-side-tls/ssl-config-generator/ when you're about to compile, in addition to the existing conditions the various operating systems provide (like old SSL versions on Mac OS...).

As silly as my recommendation sounds, I got the links stated above from your server admin documentation (https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html?#use-https => Proper SSL configuration).

Thank you for recompiling.

koehn commented 7 years ago

I've also got the same problem on my server; it seems the client is unable to connect via TLS 1.2; as others have commented, the OwnCloud client works fine (as does the iOS client, BTW).

Steve8291 commented 7 years ago

Same problem for me. Using ownCloud client until there is a fix.

zeigerpuppy commented 7 years ago

I have the same issue too, since I updated my cipher suites to the recommended secure for nginx (from Mozilla SSL Configuration Generator, as the docs suggest). I can connect with the client (mac 2.2.3.4) to my nextcloud if I proxy via apache but a direct connection via nginx fails. It certainly seems like the cipher suites in the client may need an update.

ghost commented 7 years ago

Same here, any clue from the dev team?

MojoDwarf commented 7 years ago

I can confirm Nextcloud-2.2.4.1 still experiences the same issue. Likewise owncloud 2.2.4.3709 is still working.

Ardakilic commented 7 years ago

I'm also having the same issue with Nextcloud client 2.2.4 on Sierra. Owncloud client works nice though.

rullzer commented 7 years ago

This is an issue with our build chain on OS X, where Qt isn't playing nice with OpenSSL. We are looking into it, but let's phrase it this way: trying to compile and ship anything not on the approved-by list is a pain.

Vertux commented 7 years ago

I got the same problem macOS 10.12.2, nextcloud client 2.2.4 - owncloud client works for me too.

nonbinary commented 7 years ago

I have the same issue with a Linux client and a server running on CentOS, using httpd (apache) webserver.

bleed2002 commented 7 years ago

I just ran into this as well. I think this is a serious issue that deserves high priority, as it seems that the current client simply does not work with currently recommended SSL implementations (in my case: I use Caddy's default TLS configuration - https://caddyserver.com/docs/tls). Since the problem is confirmed and known for a while, it seems to be a tricky one? Could someone who knows please explain what the issue is exactly about, what the steps are to get it fixed, and a blind guess how long that will take? Thanks.

liGhun commented 7 years ago

I just migrated from owncloud to nextcloud and ran into this issue. I also won't lower my SSL settings on the server, so this issue needs a high priority in my opinion.

DRN88 commented 7 years ago

Hello. May I ask what is the plan to make Nextcloud for Mac work? It is confusing for my clients to use Nextcloud vs Owncloud. Owncloud 2.2.4.3709 does work.

My Haproxy settings:

tune.ssl.default-dh-param 4096
ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

Thanks a lot.

MatthewVance commented 7 years ago

I think I'm having the same issue as well. ownCloud client works, but Nextcloud does not.

My nginx TLS settings are:

NGINX TLS Settings:
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/tls/dhparam.pem;
ssl_ecdh_curve auto;

ssl_protocols TLSv1.2;

ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

ssl_prefer_server_ciphers on;

My server version info is:

Server Info:
Nextcloud: 10.0.1
NGINX: 1.11.5 (built with OpenSSL 1.1.0c)
PHP: 7.0.8
MariaDB: 10.1.13
Linux: Ubuntu 16.04

My client info is:

Client Info:
OS X: 10.11.6
Nextcloud:  Version 2.2.4 (build 1)
ownCloud: Version 2.2.4 (build 3709)

danielcb commented 7 years ago

Just out of curiosity: is this something that someone is currently working on or planning to work on in the next few days/weeks/months, or will this be a won't-fix for the foreseeable future?

vinyll commented 7 years ago

Using the Owncloud client in the meantime just solves it for me.

Stonemage commented 7 years ago

Any updates on this? It's been 4 months or so now...

zeigerpuppy commented 7 years ago

see this thread: https://github.com/nextcloud/client_theming/issues/22

Darkspirit commented 7 years ago

No, it seems @zeigerpuppy is not very experienced with TLS. He didn't realize that "solving this bug" and "getting it work with an old tls protocol" are very different things.

chicobico commented 7 years ago

Same problem. Any news to this problem?

peterboorsma commented 7 years ago

Hi all, I want to switch from Dropbox to Nextcloud but this issue is holding me back. Is there any new information about this? Or a (safe) workaround?

lattedesu commented 7 years ago

@peterboorsma just use Owncloud client for the time being. Works nice even with nextcloud v11.

zeigerpuppy commented 7 years ago

Have a look at #22, it seems a viable (if imperfect) workaround for the moment. While using the owncloud client may be better currently, you can use #22 if you need your users to be able to use the nextcloud client.

Darkspirit commented 7 years ago

@zeigerpuppy NO, DON'T TELL PEOPLE TO ENABLE TLS 1.0 WHEN THEY COULD USE TLS 1.2 WITH THE OWNCLOUD CLIENT. I HAVE WARNED YOU. You advise people to get into security risks without any reason; are you paid for that or do you not really care about this topic?

Please (!) just tell people that Nextcloud is the better fork (like LibreOffice is better than OpenOffice), but has some teething troubles with the macOS client, therefore macOS users should use the owncloud client at the moment. Both clients are exactly the same, except the $Name and $Vendor strings. The Nextcloud team only has problems with compilation on macOS at the moment.

peterboorsma commented 7 years ago

Thanks. I read about the TLS thingie and no, I will not use TLS 1.0. :)

DerMolly commented 7 years ago

Any ETA for TLS 1.2 support?

danielcb commented 7 years ago

@rullzer is there any documentation on the issue or a setup guide for the buildchain on macos in general so that someone else might be able to jump in and help?

rullzer commented 7 years ago

Well, @LukasReschke built the OSX client because you need to do that on a Mac. Basically you compile Qt 5.4 manually, and then compile the client. It is a long and messy process. Basically what is in https://github.com/nextcloud/client_theming/blob/master/README.md

supergicko commented 7 years ago

TL;DR January, 2017:

The MacOS nextcloud app is not working with modern ciphers.

DO NOT weaken your server-side TLS configurations to support the macos nextcloud client. You are definitely not the problem, the nextcloud mac os app is.

A workaround is the usage of the owncloud app.

And last but not least... the Nextcloud Security Feature Page states that:

Nextcloud understands the necessity to provide core principle baseline security requirements, as such Nextcloud 11 is built on these security principles to ultimately deliver a secure solution to their customers

I hope this is true; this issue has been open for 4 months now.

Wonderfall commented 7 years ago

It's a shame TLS 1.2 isn't supported, I'm even using TLS 1.3 right now. Please support modern ciphers!

thomaskonrad commented 7 years ago

Until now, I'm only seeing this bug report, many people confirming it and wanting a change, and an emotional discussion on a "workaround".

Has anybody actually identified the reason for the bug?

Darkspirit commented 7 years ago

macOS and/or the Qt for macOS ship something like OpenSSL 0.9.8, TLSv1 and worse. As far as I understand it correctly, they first have to manually compile Qt with the latest OpenSSL and then Nextcloud itself. But compiling Qt takes a lot of time.