nextcloud client on OSX does not support TLSv1.1+

[yoe]

I installed the Nextcloud client on a mac running OS X 10.12, and tried to connect to my server. This server was configured to only allow TLSv1.2, since older versions have many known security issues.

When trying to configure the client on my mac, the client errors out with:

"Kon niet verbinden met het opgegeven beveiligde serveradres https://nextcloud.grep.be. Hoe wilt u verder gaan?

Selecteer een andere URL

Probeer onversleuteld over HTTP (onbeveiligd)"

which translates approximately to

"Could not connect to the provided secured server address https://nextcloud.grep.be. How would you like to continue?

Select a different URL

Try unencrypted over HTTP (insecure)"

which is weird, since this all works on my laptop and my other machines. When checking the network connectivity using wireshark, I see the nextcloud client send out a "Client Hello" TLS packet, which has a version number set to 0x301, i.e., TLSv1.0, not allowing either TLSv1.1 or TLSv1.2.

While I could theoretically be possible to change my server configuration so it does allow these older versions of the protocol, I'd rather not do that; they're known to be insecure, and I do not want to go down that route.

See export.txt for details on what's going over the wire.

Please update the macOS client so it supports TLSv1.2, and I don't have to break my server's security.

[yoe]

Checking the changelog of the owncloud client reveals:

version 1.6.0 (release 2014-05-30 )
[...]
 * Enable support for TLS 1.2 negotiation on platforms that use
   Qt 5.2 or later

IOW, the Qt version of the OSX build system should be updated to Qt 5.2 or above.

[yoe]

Except it's already at 5.6... interesting.

[aalmenar]

It's strange since nextcloud client is themeing over owncloud client, i use at the momento the owncloud client since this issue with TLS 1.2 doesnt happen.

[rullzer]

Please try https://download.nextcloud.com/desktop/prereleases/Mac/Nextcloud-2.3.2.1beta.pkg

[yoe]

no dice; it still only sends out a TLS1.0 protocol version.

[Dirk23]

I have the same problem as @yoe and the 2.3.2.1 beta does the same error to me.

[lazzurs]

👍 for this issue here. Just migrated from Owncloud to Nextcloud and experiencing this issue on the new macOS clients I have installed :(

[yoe]

I've been thinking about how this might have happened.

The build instructions for OSX say to use an old version of OSX, so that old versions of OSX remain supported. This shouldn't really be necessary (you can just compile with -mmacosx-version-min=10.7, which works reliably IME), but it does mean that you're compiling on a version of OSX that ships with a very old version of OpenSSL by default (0.9.8, IIRC). Since TLS1.1 and TLS1.2 were added for OpenSSL 1.0.1, it is imperative to make sure that this very old version of OpenSSL is not used.

If no special steps have been taken to ensure that the system-provided OpenSSL is not used, then that would explain the bug here...

[lazzurs]

The build.sh has the following in it

export OPENSSL_ROOT_DIR=$(brew --prefix openssl)

This should mean that it is using the homebrew installed openssl however this may not have been updated on the build system. Will try building locally to see if this can be fixed with just a rebuild.

[Marcool04]

+1 From me. The mac OS application is the only one that I have tested that is not accepting to negotiate over TLSv1.2. It's the last thing preventing me from upgrading the configuration on my server. From the Apache configuration file itself:

#  By the end of 2016, only TLSv1.2 ciphers should remain in use.
#  Older ciphers should be disallowed as soon as possible, while the
#  kRSA ciphers do not offer forward secrecy.  These changes inhibit
#  older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
#  non-browser tooling) from successfully connecting.

[loongyh]

https://download.nextcloud.com/desktop/prereleases/Mac/Nextcloud-2.3.0.4rc1.pkg

This one works for me.

[Dirk23]

@loongyh not working for me on El Capitan 10.11.6 (15G1609). Server accepts: TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 No SSL 3 No SSL 2 No

[Marcool04]

Did the trick for me! Using Apache for proxy-ing nextcloud, and SSL configured like this:

SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA

Nextcloud client version 2.2.4 (build 1) was resulting in:

Jun 18 09:16:19 hostname httpd[31411]: [ssl:debug] [pid 31411] ssl_engine_kernel.c(2128): [client 127.0.0.1:46204] AH02043: SSL virtual host for servername nextcloud.hostname.tk found
Jun 18 09:16:19 hostname httpd[31411]: [ssl:info] [pid 31411] [client 127.0.0.1:46204] AH02008: SSL library error 1 in handshake (server hostname.tk:443)
Jun 18 09:16:19 hostname httpd[31411]: [ssl:info] [pid 31411] SSL Library Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher -- Too restrictive SSLCipherSuite or using DSA server certificate?
Jun 18 09:16:19 hostname httpd[31411]: [ssl:info] [pid 31411] [client 127.0.0.1:46204] AH01998: Connection closed to child 0 with abortive shutdown (server nextcloud.hostname.tk:443)

And the new release candidate 2.3.0.4rc1 gives us:

Jun 18 09:21:04 hostname httpd[31409]: +WUYp4H8AAAEAAHq3QG4AAAAD|GET /status.php HTTP/1.1|Authorization:Basic bWFyazo=|User-Agent:Mozilla/5.0 (Macintosh) mirall/2.3.0rc1 (build 4) (Nextcloud)|Accept:*/*|Connection:Keep-Alive|Accept-Encoding:gzip,

Thanks for the quick fix. Regards, Mark.

[yoe]

@Marcool04 yeah, that works. However, please note that your configuration misses a crucial item:

SSLProtocol -ALL +TLS1.2

otherwise, you're depending on the ciphersuites to decide which version of the TLS protocol you're allowing, which is not robust.

Also, 2.3.0.4rc1 is older than the 2.3.2.1 beta which was supposed to fix this, so that does not inspire much confidence. As such, it's not a fix, just an acceptable workaround ;-)

[Marcool04]

Thanks @yoe for the tip about the SSLProtocol directive. Indeed, the apache configuration file has this in it:

#   SSL Protocol support:
#   List the protocol versions which clients are allowed to connect with.
#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
#   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
#   protocol or later should remain in use.
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

As I understand it, support for anything older than SSLv3 has been dropped, either from Apache or from OpenSSL itself now. So this was indeed only enforcing TLSv1. Changed to reflect your suggestion and Nextcloud still works. Not sure about the versioning issue (possible regression in the beta?). I stick to the stable releases usually unless there are reasons not to (the Android client for instance had issues that prompted me to change to the "Nextcloud-dev" in F-Droid). Anyhow. At least it works for now, and we're using the right protocols :) All the best, Mark.

[childnode]

another dup of #13 , isn't it?

[rullzer]

get 2.3.2 at https://nextcloud.com/install/#install-clients

[perler]

I still get this error as well, so this issue shouldn't be closed.

server: TLS 1.3 No TLS 1.2 Yes TLS 1.1 No TLS 1.0 No SSL 3 No SSL 2 No

client: macos, latest, macos version 10.12.6

[childnode]

@perler yes, 2.3.2 is still "broken" .. see current discussed pre-release 2.3.3.1 or newer

THIS issue is a dup

[flocbit]

I am still experiencing this really annoying issue using 2.3.2... As a workaround I use the ownCloud client -.-