[Nextcloud 2.2.3.4 Mac OS] Initial connexion fails ('connection closed') with strong ciphers (TSL 1.1 & 1.2 only)

[serge-vk]

Expected behaviour

When setting up a NextCloud account, after typing in the server address (https) in the 'Set up NextCloud server' dialogue and clicking 'next', the 'Enter user credentials' dialogue should be displayed.

Actual behaviour

A pop-up 'Connection failed' is shown with the message 'Failed to connect to the secure server address https://my.nextcloud.server/nextcloud. How do you wish to proceed?' If I click 'Select a different URL', I see the error message 'Failed to connect to Nextcloud at https://my.nextcloud.server/nextcloud/status.php: connection closed'.

OwnCloud client v. 2.2.2 (build 3472) works normally.

Steps to reproduce

1. Install Nextcloud Mac OS client
2. Start Nextcloud client application
3. Try to connect to a server

   Server configuration

Operating system: FreeBSD 10.3 p7 Web server: Nginx 1.11.3 Database: MariaDB 10.1.16 PHP version: 7.0.10 NextCloud version: 10.0 stable Storage backend (external storage): ZFS data set (no external storage)

I think that this problem may be related to the cipher suite I configured in the web server. I have included the relevant lines from nginx.conf:

ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

Client configuration

Client version: 2.2.3 (build 4) Operating system: Mac OS X 10.10.5, Mac OS X 10.9.5 (two test cases) OS language: English UK Installation path of client: /Applications/nextcloud.app

Logs

1. Client log (the lines appended after clicking 'next'):

08-31 09:51:01:988 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://"
08-31 09:51:19:041 0x600000015640 unknown: QIODevice::read: device not open
08-31 09:51:19:045 0x600000015640 OCC::AbstractNetworkJob::start: !!! OCC::CheckServerJob created for "https://srv.addr/nextcloud" + "status.php" "OCC::OwncloudSetupWizard"
08-31 09:51:19:069 0x600000015640 OCC::AbstractNetworkJob::slotFinished: void OCC::AbstractNetworkJob::slotFinished() 2 "Connection closed" QVariant(Invalid)
08-31 09:51:19:070 0x600000015640 OCC::CheckServerJob::finished: error: status.php replied  0 ""
08-31 09:51:19:090 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://srv.addr/nextcloud"
08-31 09:51:30:630 0x600000015640 OCC::PostfixLineEdit::setFullText: "https://srv.addr/nextcloud"
08-31 09:52:33:889 0x600000015640 OCC::SocketApi::slotNewConnection: SocketApi:  New connection SocketApiSocket(0x608000639560)
08-31 09:52:33:891 0x600000015640 OCC::SocketApi::sendMessage: SocketApi:  Sending message:  "SHARE_MENU_TITLE:Share with Nextcloud"
08-31 09:52:37:546 0x600000015640 -[DelegateObject updaterDidNotFindUpdate:]: -[DelegateObject updaterDidNotFindUpdate:] 

1. Nginx error log (after clicking 'next'):

2016/08/31 09:17:16 [info] 42607#100990: *2241 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2242 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2243 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443
2016/08/31 09:17:16 [info] 42607#100990: *2244 SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) while SSL handshaking, client: my.server.ip, server: 0.0.0.0:443

1. NextCloud log: No entries at the time of attempted connexion

[jospoortvliet]

@TerraX-net not just compiling Qt. In my understanding it needs a series of patches to work, it is a mess. Honestly, using the ownCloud client until a newer version of Qt fixes this is the best solution - it works, is entirely compatible and a new Qt is, from my understanding, coming soon, providing a real solution.

Because there is an alternative and a real solution is coming soon we don't think it is worth spending a large amount of time and effort on recompiling the client instead of on other things.

But if anybody has an old OS X system and is able and willing to built a version of the client with a Qt version with all patches applied so that it works with TLS 1.2, that would of course be great.

EDIT: for version 2.3 of the client (the upcoming release) compiling with Qt 5.6.2 is planned. That should (hopefully) resolve this.

With regards to the difference @thomaskonrad asked about: there is a difference because the problem isn't in the code of the client itself but in Qt and how to built it... The guys at Woboq who built the ownCloud client are also Qt developers and really know what they are doing. I know it is a huge pita for them too but they have the specific Mac OS X version (and old hardware!) plus patches for Qt and other changes needed to make this work. As I said, we COULD put in the time and effort to replicate that (buy an old mac on ebay, find an old Mac OS X version, etc etc), OR wait for 2.3. We've opted for the latter, it shouldn't be long. I don't know the exact details of the patches and other stuff needed, I just know it is hard plus the guy who does this on our side just had a baby so he ain't that much available anyhow ;-)

If @danielcb can manage to get this built the right way, I'm sure we can work out a way to get the result signed with help from @LukasReschke (who holds, literally, the keys).

[thomaskonrad]

Thanks for the explaination @jospoortvliet. One thing I still don't understand is why there is even a difference between the ownCloud client and the Nextcloud client. Doesn't it use the same codebase? Isn't the most recent stable release of the ownCloud client (2.2.4) a submodule of this one? Isn't this repository just meant as a theming repo for the ownCloud client? Aren't both clients supposed to use the same Qt version?

[danielcb]

@jospoortvliet all of the patches listed in the build steps seem to be already part of the current qt. I tried to build everything the last few evenings but qt does really take a loooot of time and space to compile. Also I've not much experience with c++, cmake so it might take a while :) Anyways, it looks like this should be done in a 'official' way, since the binaries get signed for updates. Maybe we can create a homebrew forumla for the client?

@thomaskonrad its the same codebase, there's just a bit of theming applied while building. Whoever build the current nextcloud client used the openssl shipped with OSX instead of a current one from homebrew (or somewhere else), I think.

[thomaskonrad]

@danielcb, that seems reasonable, thanks for clarifying.

[mannp]

Getting the same error here with only TLS v1.2 enabled on my server.

Any joy with this as its been some time since the last comment :)

[jlfranklin]

Is there a CI or build server that cranks out daily or, at least, weekly builds of the clients?

[ouafnico]

Any update on this?

[jryberg]

Is there any beta version of 2.3 that we can test?

[serge-vk]

There is a NextCloud-branded 2.3 client for Windows, but not for Mac yet, as far as I know . For the moment, you can download the OwnCloud client 2.3.0 RC. It works with NextCloud (apart from bugs).

[JeroenKleen]

see the 2.3.0 for owncloud that is final now: https://download.owncloud.com/desktop/stable/ownCloud-2.3.0.4097.pkg

I hope the nextcloud version will follow soon

[JeroenKleen]

@jospoortvliet I'm having a few people that try to use nextcloud version 11.0.1 with apach2 and encryption on ubuntu 16.04 with our NCclient and the owncloud client but still I see in the NC logs like:

Debug webdav Sabre\DAV\Exception\NotAuthenticated: HTTP/1.1 401 No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured

or: Fatal webdav Sabre\DAV\Exception\ServiceUnavailable: HTTP/1.1 503 Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

is this a totally different issue then that the NC team is working on that we need to isolate? for those MAC users webdav is not working either incl. some previous of files is not working while on a windows client it is all working fine. It seems that a stack client on a different non NC setup is working perfectly fine on this same MAC.

I'm just trying to get the NC MAC client issues sorted as its my blocking factor for going into production. If somebody can help then its very much appreciated (upfront)

[loongyh]

Just downloaded and tested 2.3.0.4rc1 released several hours ago, issue is fixed. Thanks and awesome work Nextcloud team!

[ymhuang0808]

Me, too. The 2.3.0 RC1 (build4) version is able to connect with my Nextcloud server over HTTPs.

[JeroenKleen]

we did try the latest 2.30.4RC1 but 1 user (with latest patches on his MAC) this gets like:

Fatal webdav Sabre\DAV\Exception: HTTP/1.1 500 No subsystem set a valid HTTP status code. Something must have interrupted the request without providing further detail.

1. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
2. /var/www/html/nextcloud/apps/dav/appinfo/v1/webdav.php - line 60: Sabre\DAV\Server->exec()
3. /var/www/html/nextcloud/remote.php - line 165: require_once('/var/www/html/n...')
4. {main}

Fatal webdav Sabre\DAV\Exception\ServiceUnavailable: HTTP/1.1 503 Encryption not ready: multikeydecrypt with share key failed:error:04065084:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data too large for modulus

1. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 85: OCA\DAV\Connector\Sabre\File->get()
2. [internal function] Sabre\DAV\CorePlugin->httpGet(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
3. /var/www/html/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
4. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 479: Sabre\Event\EventEmitter->emit('method GET', Array)
5. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
6. /var/www/html/nextcloud/apps/dav/appinfo/v1/webdav.php - line 60: Sabre\DAV\Server->exec()
7. /var/www/html/nextcloud/remote.php - line 165: require_once('/var/www/html/n...')
8. {main}

Other user with a MAC don't observe this issue. Anyone having a suggestion on what the best steps would be to root-cause this? He did try already another working account what was having the same issue; I'm still on 11.01 but will upgrade later this week to 11.02.

[Steve8291]

Tested the 2.3.0.4rc1 Mac client and it connects beautifully. However, it never syncs anything. Also downloaded the newest owncloud Mac client and met with the same results. So I've reverted back to using ownCloud client Version 2.2.4 (build 3709). My system looks like this: Ubuntu 16.10 yakkety Apache/2.4.18 (Ubuntu) PHP 7.0.15 mysql Ver 15.1 Distrib 10.0.29-MariaDB Redis server v=3.2.1 Nextcloud version 11.0.2

[JeroenKleen]

@Steve8291 Does this https://download.owncloud.com/desktop/stable/ownCloud-2.2.4.3709.pkg 224.3709 work OK then for you with sync? what version of MAC OS are you using? My user uses: Mac OS Sierra 10.12.3

I'm using ubuntu 16.04.2 apache 2.4.18 PHP7.0.15 mysql 5.7.17 Nextcloud 11.0.1 with encryption and letsencrypt https redis. 3.0.6

[jeffsf]

It is truly dangerous for anyone to suggest allowing any of the weak ciphers or known-insecure SSL/TLS versions.

Nextcloud-2.2.4.1.pkg suffers from an inability to connect on Mac OS X 10.11.6 (El Capitan) to a modestly secure nginx reverse proxy that properly has all SSL and TLSv1 disabled in its configuration. (As with any security-related issue, you should make your own judgements as to if this is secure enough for your needs)

ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

Certificates in use are RSA 4096 bits (e 65537) / SHA256withRSA, confirmed tracible to DST Root CA X3 by modern browsers and Android Nougat applications. Further confirmed that the server should be interoperable with current OpenSSL versions, all modern browsers, Java 8, and modern iOS and Android versions. https://www.ssllabs.com/ssltest/

Is there a way that the Mac client can be built with homebrew so that I can have a functional, untainted version of the client?

_Edit: Looking at https://github.com/nextcloud/client_theming now, which has Mac OS X build instructions, though not a_ homebrew build.

Edit: ownCloud-2.3.0.4097.pkg appears to be syncing files properly, at least within what I have configured in this first-time Nextcloud deployment.

[Steve8291]

@JeroenKleen Yes ownCloud 224.3709 client works fine on my Mac. I'm running Sierra 10.12.3 as well. My SSLProtocol is TLS 1.2

[Steve8291]

@jeffsf Looking at your ssl_protocols I'm wondering if I need to enable TLSv1.1 to get the client working. I was only allowing TLS 1.2 Currently my config is:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off

[jeffsf]

@Steve8291 I just checked setting ssl_protocols TLSv1.2; and reloading nginx.

I am seeing connectivity for "GET /status.php HTTP/1.1" 200 157 "-" "Mozilla/5.0 (Macintosh) mirall/2.3.0 (build 4097)" followed by "normal" activity. I was able to upload a file with the client by dropping it into a "synced" folder in the Finder.

[Steve8291]

@jeffsf Thanks. I allowed TLSv1.1 as well and I'm connected fine just as before when I only had TLSv1.2. Nextcloud 2.3.0.4rc1 client is "Checking for changes". It did that last time as well but never uploaded any new files. I've dropped files into synced folder but they haven't gone yet. Last time I let it go for a full day with no luck. I'll let it go until done and see what happens. No progress on the progress bar though. When I install the older ownCloud client, changes get pushed immediately.

[Steve8291]

Can confirm that Nextcloud 2.3.0.4rc1 is now working for me on my Mac using only TLSv1.2 I'm very happy about this. Thanks to everyone who worked to get this going. Not sure why it didn't work for me before but it is syncing great now. One thing I did notice is that the "recent changes" menu item does not refresh very quickly. "Settings > Sync Protocol" clearly shows items syncing though, and I can see them on the server. Here is my current ssl.conf if it helps anyone.

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off

[JeroenKleen]

@Steve8291 thnx for the update! Did you see before as well the black preview screen like I attached?

So you selected only on your MAC client to force use only TLSv1.2? Or was it working after you added TLSv1.1 and TLSv1 to your ssl.conf? thnx upfront on your detailed update!

[Steve8291]

@JeroenKleen I only changed my apache ssl.conf to prevent -SSLv3 -TLSv1 -TLSv1.1 The only protocol left that it can allow is +TLSv1.2 Nothing specific done to the MAC client. I never saw any black screens. What window did that show up in? Looks like a browser window.

[deanpcmad]

2.3.0.4rc1 is working for me. Thanks @loongyh

[Wonderfall]

2.3.2beta is not working anymore ("SSL Handshake failed").

[flo269]

I can confirm what @Wonderfall is reporting. "SSL Handshake failed" on 2.3.2beta

[jeffsf]

OwnCloud Version 2.3.2 (build 4250) works with "strong" ciphers and "current" TLS on Mac OS X 10.11.6 NextCloud 2.2.4.1 fails to connect under the same conditions.

The link on https://nextcloud.com/install/ under "Get Involved" to the beta client

https://download.nextcloud.com/desktop/prereleases/Mac/Nextcloud-2.3.2beta.pkg

returns a simple page indicating "File not found."

Is there a better link available to the Nextcloud beta client for Mac? Accessing https://download.nextcloud.com/desktop/prereleases/Mac/ gives a directory listing

Nextcloud-2.3.2.1beta.pkg fails in the same manner as previous versions of the NextCloud client. It is unable to get past the initial connect-to-server dialog.

[ghost]

9 months later now... This issue is a bad joke. 😤

[loongyh]

This one works. https://download.nextcloud.com/desktop/prereleases/Mac/Nextcloud-2.3.0.4rc1.pkg

Can confirm the 2.3.2.1beta breaks it again.

[hanej]

Can someone explain to me the benefit of NextCloud over OwnCloud? I thought the whole reason for the split was to be better engaged with the community. This major issue has been open for almost a year and it's still not resolved where in OwnCloud it is.

[jospoortvliet]

@hanej sadly this isn't related to community engagement or priorities. The Qt version that works with the client can't do this and we can't fix that. It is as simple as that.

[fdmgit]

@jospoortvliet The OwnCloud desktop client (Version 2.3.2 (build 4250)) is working ! What do the guys at owncloud.org differently compared to nextcloud ?

[Steve8291]

Both the OwnCloud client Version 2.3.2 build 4250 (latest client) and the Nextcloud Version 2.3.0rc1 (build 4) (the only Nextcloud version working with strong TSL 1.2) are using Qt 5.6.2 I don't understand the technical side of programming the clients but I'm wondering if the solution couldn't be to simply roll back the version of Qt Nextcloud uses until things are more stable for TSL 1.2 on iOS. It seems that this is what OwnCloud is doing to maintain connectivity.

[jeffsf]

Given that the OwnCloud build works, and the NextCloud builds don't, "we can't fix that. It is as simple as that." is a non-answer. For a project that is supposedly around data ownership and security, certainly de-prioritizing not handing TLSv1.1 and arguably not handling TLSv1.2 seems counter to those objectives.

[jospoortvliet]

Sadly, it is the truth. We haven't figured out how to fix it, and not for lack of trying.

From what I understand, the problem is that the client wants a version of Qt that does not support TLSv1.1 and TLSv1.2.

There are some Qt patches for that somewhere, developed by Woboq (the consulting firm that works on the ownCloud client) and they know how to built it for Mac OS X (which also requires special, very old hardware - a Core2Duo Mac if I'm not wrong) - nobody else really knows. This is quite specialized stuff - if it was easy, you really believe we would leave this unfixed for so long? A third of our employees uses a Mac and security is important, also for our own infrastructure! Besides, if it was simple a community member would have fixed it. I'm sure at least some of you have had a look at trying to built the client properly for Mac and didn't get it working either.

Sadly the Woboq's don't want to take our money to fix this. The current release was initially planned to support a new Qt which would fix this problem. Unfortunately, the upgrade to the new Qt didn't happen yet, that is still a work in progress.

Our two desktop client developers aren't deeply at home in building Qt+SSL for Mac. They tried but didn't manage it yet. Of course we have lots of urgent stuff for paying customers to work on too and we do lots of stuff in various other areas, but that doesn't mean we didn't try to fix this. Moreover, we have had a open job position for a third Qt developer for a year and a hard requirement is that that person knows how to fix things like this. We have not found anyone yet. Nor community members who know how to fix it, sadly.

If you can help, feel free to sent in your resume or kick people you know who could help!

WRT the helping out: we have a Mac Mini. It broke recently so building new clients for Mac is problematic. However once it is back up, I'm sure that if one or more of you are willing to try and make it work we can give you access somehow.

PS note I already said all this before: https://github.com/nextcloud/client_theming/issues/13#issuecomment-274335614

[ghost]

Thanks for the detailed explanations, everything seems pretty clear now. 👌

[rockihack]

@jospoortvliet I just compiled the owncloud client without any problems and it's working with tls 1.2. What didn't you figure out? The build process is pretty much straight forward...

[LukasReschke]

@jospoortvliet I just compiled the owncloud client without any problems and it's working with tls 1.2. What didn't you figure out? The build process is pretty much straight forward...

For a start, your build is:

1. Using Secure Transport instead of OpenSSL
2. Using Qt 5.9.0 instead of Qt 5.6.2 with the custom patches applied (we won't ship any other version than what the ownCloud client contains. This version is proven to work reliably and changing core components can lead to whatever kind of critical bugs, possibly even data loss!)
3. Not built on a Core2Duo which means this will not really work properly on Core2Duo machines

Sure. This is solvable. And we're working on it, and it's all a matter of priorities. And as sorry as I am. Using TLS 1.0 and 1.1 won't make you that much more insecure. We'll work on this as soon as we have enough free resources. Which is also a matter of time and cost, and the fact that the day only has 24 hours and all of us already work 10 at least 😉. (which would already look quite different if people with proper skill sets would apply 😉 )

But until now this discussion isn't going anywhere. So if anyone here really wants to help:

1. If you work at a big enterprise using Nextcloud => https://nextcloud.com/pricing/
2. If you know some very talented Qt developers => https://nextcloud.com/jobs/

And to be honest, the option "someone compiles it and gives me a binary package" is not possible. There are compliance guidelines that we have to follow, and one of them roughly being: "We cannot push unverified unreproducible built software to our users". :)

And now I shall use my time to do some more productive activities than commenting on this endless repeating ticket here 😉 – Yes, it will happen. And no, status quo won't kill anyone here or take anyone here really at risk. Just some more patience. Thank you all! 😄

[Ardakilic]

I don't believe this ticket is unproductive at all. In fact, I just learned about how it's handled and why it can't be done by you guys unlike Owncloud client with the recent comments after months of patience. Anyways, good luck and thank you again for the explanation,

[yunlhan]

@jospoortvliet Thanks for your comments on the current status. As for this part,

WRT the helping out: we have a Mac Mini. It broke recently so building new clients for Mac is problematic. However once it is back up, I'm sure that if one or more of you are willing to try and make it work we can give you access somehow.

Is setting up a Virtual Machine (hosted either by Linux or Windows boxes) with Mac OS X development environment like this a possible way out of this impasse instead of waiting for recovery of a broken mac mini?

[jospoortvliet]

Is setting up a Virtual Machine (hosted either by Linux or Windows boxes) with Mac OS X development environment like this a possible way out of this impasse instead of waiting for recovery of a broken mac mini?

I am not sure, but I would assume that that has already been tried...

[yunlhan]

I am not sure, but I would assume that that has already been tried...

Thanks @jospoortvliet for your response. Actually over the past few days I tried very hard to compile OSX client on my workstation and I succeeded last night. The client can connect to my server with TLS v1.2 only and the previous problem is gone. Please see the about page of the app.

However I have two brief questions about the osx/build.sh script since I was building my app on OSX 10.11 with Xcode 7.3.1 and Qt 5.9.1 without patches, not following official guide on OSX 10.10 with Xcode 6.4 and Qt 5.6.2 with hack (I was trying to ask the questions on [https://help.nextcloud.com/]() but I never got the activation email when I signed up.) Basically for the two lines in the script osx/build.sh, I believe 59FA8948AEBAE3F2222AE9BC020D6DA31DF821A7 and 6A588D031B2B63991A49DB9C98B4C846D6D0EAC4 are nextcloud developers identities, so I got some compiling errors like identities not found on my machine.

sudo ~/client_theming/client/admin/osx/sign_app.sh ~/install/nextcloud.app 59FA8948AEBAE3F2222AE9BC020D6DA31DF821A7 sudo ./admin/osx/create_mac.sh ../install/ . 6A588D031B2B63991A49DB9C98B4C846D6D0EAC4

Is it possible to add comments in the shell script to doc how to sign the app if it is used for personal build? And which developer should I contact if I have technical questions about OSX build? Thanks.

[jospoortvliet]

@mario might know about the identity stuff... He's been helping to built the client.

[gbonfiglio]

I've been hit by this issue after upgrading to NC 12. TLSv1 is enabled on my server, though. Someone confirmed it here (see last post) https://help.nextcloud.com/t/nextcloud-macos-client-unable-to-connect-to-server-others-work-fine/3211

Could be related?

[rullzer]

Get 2.3.2 at https://nextcloud.com/install/#install-clients

[mannp]

Its closed but not resolved, is that how it works.

Others have noted 2.3.2.1 breaks ssl again (as it does for me) and thats the one we are referred to as a solution?

[ghost]

Still broken here too. 🤒

[yunlhan]

I built my own client (working with TLS v1.2) and I asked whether ./osx/build.sh could be documented with more details on the forum a couple of weeks ago. See the post on the forum.

[rullzer]

mmm I was under the impression this was fixed. I'll relay this..