Closed Jayky-II closed 3 years ago
It must be due to TLS 1 and 1.1 support removal: https://github.com/syncloud/platform/commit/c4ea189a1d827c2314bc094c09b72831db778841
Try these commands to bring back TLS 1 support to see if that is a problem:
sed -i 's/ssl_protocols.*/ssl_protocols TLSv1 TLSv1.1 TLSv1.2;/' /var/snap/platform/common/config.runtime/nginx/nginx.conf
snap restart platform.nginx-public
Done, but without success. On my phone I get the following error message, now:
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6010e510: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x59b3d890:0x00000000)
App: org.dmfs.caldav.lib
App version: 0.4.22
OS version: 17
OS Info: FP/ahong89_wet_jb2/ahong89_wet_jb2:4.2.2/JDQ39/:user/test-keys
Date: Sat Aug 22 21:19:28 MESZ 2020
You enabled the TLS 1.0 and 1.1 support but you forgot to add the cipher suites corresponding to these TLS versions so the handshake cannot be done. Try these commands, I'm not a CLI expert but it should work
sed -i 's/ssl_ciphers.*/ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;/' /var/snap/platform/common/config.runtime/nginx/nginx.conf
snap restart platform.nginx-public
If you still have the same problem after using the commands written earlier you can try these that will bring the nginx config's back to the configuration before TLS1.1 and 1.2 removal.
sed -i 's/ssl_ciphers.*/ssl_ciphers HIGH:!aNULL:!MD5;/' /var/snap/platform/common/config.runtime/nginx/nginx.conf
snap restart platform.nginx-public
Great, it worked! The first solution worked, so I haven't try the second one. Thank you so much!
BR
Just to let you know, every update to the system from updates will reset your change. But you can use the workaround until you get a new phone :)
Just to let you know, every update to the system from updates will reset your change. But you can use the workaround until you get a new phone :)
Yeah, I supposed that it would work like that. But that's okay, as long as you've give me the "tools" to fix it by myself :)
After the upgrade to the version 200723422 of my syncloud server (OHC1), I could not synchronize Nextcloud services (CalDav, CardDav, RSS feeds, ...) with an old Android device (Fairphone 1, Android 4.2.2).
I receive following error message by caldav:
When using Firefox on this device, I can reach my Nextcloud Homepage, but without the fields for the login. Only the background and some minor things are there.
Before the last upgrade I could use all the services on my old Android device. On all more modern devices it is working fine. Would be great, if it would be possible to use them again.