TLSv1.3 connectivity errors

[grrrrr]

I have my tt-rss instance on a server which has recently started only supporting TLSv1.3 connections.

Up until this change, that app was working fine with TLSv1.2 but since the change, running the app just throws an error.

On the server side, I am told there are no errors in apache logs.

I see from old change logs that TLSv1.3 support should be in the app, does anyone else have similar problems?

[nilsbraden]

What kind of device (OS, customrom, play services activated?) do you use? There is a bug with older android versions but I don't see how TLSv2 can work while TLSv3 does not. The message includes references to TLSv1 though, not sure why that is.

[grrrrr]

@nilsbraden so sorry, I can't believe I left those details off the op.

• Samsung Galaxy S9
• Android 9 (stock rom with play services)
• ttrss-reader-fork 1.94.9 via f-droid

Ciphers the server offers

 PFS is offered (OK)          TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
                              TLS_AES_128_GCM_SHA256 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 

and protocols

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    offered (OK): final

[uqs]

/me too

Pixel 3a running Android 10 and latest security patches. An nginx installation with only TLSv1.3 runs into that error. Once I allow TLSv1.2 and TLSv1.3 in nginx it starts working again.

While searching around for this, I found https://medium.com/@krisnavneet/how-to-solve-sslhandshakeexception-in-android-ssl23-get-server-hello-tlsv1-alert-protocol-13b457c724ef which might enlighten someone how has Android development experience :)

The other popular TT-RSS Android app works fine with TLSv1.3 is all I can say so far (I'm in the process of setting it up, and haven't compare the apps yet, still need to import my feeds from inoreader ...)

nginx.conf

        # From https://cipherli.st/
        ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_timeout  10m;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off; # Requires nginx >= 1.5.9
        ssl_stapling on; # Requires nginx >= 1.3.7
        ssl_stapling_verify on; # Requires nginx => 1.3.7
        resolver localhost [2001:4860:4860::8844] valid=300s;
        resolver_timeout 5s;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

[nilsbraden]

Ok several things came up while looking into this.

First of all @grrrrr : I'm sorry but Android 9 does not natively support TLSv1.3, this only came with Android Q (10). Things might change if I (or someone else, for that matter) decides to move HTTP-Requests over to Okhttp library.

This is also why the "official" app works in this scenario, it uses Okhttp and the implemented TLSv1.3 support for older API levels. I decided against this some while back because I tried to reduce the clutter by not including too many libraries and since TLSv1.2 is afaik still considered perfectly secure I guess my point is still valid.

On we go. The setup of @uqs should be fine, given that the system should support TLSv1.3 and the server seems to provide the necessary ciphers (does it? You can check with https://www.ssllabs.com/ssltest/analyze.html). On my system (Stock Rom from Xiaomi, Android 10) the three new ciphers are listed so I guess I should be able to connect to your server. If you want you can privately send me the URL and I can try it, an account is not necessary to contact the API, no content will be returned obviously though.

And then there is this block in the code: https://github.com/nilsbraden/ttrss-reader-fork/blob/master/ttrssreader/src/main/java/org/ttrssreader/controllers/Controller.java#L255 It is normally unnecessary but I introduced it to make sure that the SSLSocketFactory is reset to default values when a preference like "Accept all SSL certs" was used and just recently turned off. Then I would overwrite the manipulated factory with a plain one. This is only necessary in that special case but for easier implementation I just to it once on startup too. I might try to remove it or handle it in a better way but I'm not sure if this has anything to do with the problem.

[uqs]

Hey Nils, thanks much for digging into this. I didn't take a screenshot, so the error message might've been slightly different. I've re-configured nginx again to do only v1.3 and will send you the URL shortly. Note though, that it's an IPv6-only host (but again, it works fine in other apps, and it works fine with v1.2, so that shouldn't be the deciding factor)

[nilsbraden]

edit2: Ok next one. This release should work: https://github.com/nilsbraden/ttrss-reader-fork/releases/tag/v1.95.5_1955 (same url, I deleted the other one... Now only the corresponding tag is linked to a wrong revision.) edit: Doesn't work when not beeing in Debug-Mode, sorry. Please ignore for now... Please have a look at the pre-release provided here: https://github.com/nilsbraden/ttrss-reader-fork/releases/tag/v1.95.5_1955

It's signed with the release key so it doesn't interfere with normal updating later on but doesn't have the usual changelog yet. This release makes use of the current OkHttp library.

And while you're at it, can you have a look at the new automatic dark mode? You need to select it still in the themes dropdown but for the release I plan to automatically select it for everyone. The user can still set it back to force one theme afterwards.

[uqs]

Still no luck ... did it work for you against my server?

[nilsbraden]

Ok turns out it worked all the time but we didn't expect Google to interfere. Please try to unset the option "SSL-Settings->Use Google Play services: Provider-Installer" using any version of the app (current release from Play store should also work just fine). For some reason this provider installer downgrades the connection to TLSv1.0 (I guess from the screenshot but didn't check) and the server doesn't support that of course.

I still think using OkHttp makes sense to allow older android versions to use TLSv1.3 though.

[grrrrr]

thanks @nilsbraden . I was able to reflash phone with Android 10 and all is good in the world again, App is connecting fine to server that offers only TLS1.3