Android: Unable to connect with SSL

The message is not shown inside the app, is it? Is it on a dialog, an the app is automatically closed?

Could you show us some logs from the server side when you try to connect from the Android app? From the HTTP server.

You mention "with SSL" in the title. Is everything working fine if you disable SSL in the server side and access though plain HTTP?

Thanks.

The message is not shown inside the app, is it? Is it on a dialog, an the app is automatically closed?

This message comes from the owncloud client app! Its in german "Ein unbekannter Fehler ist aufgetreten!" directly after I've entered the URL.

Could you show us some logs from the server side when you try to connect from the Android app? From the HTTP server.

Nothing is beeing logged.

You mention "with SSL" in the title. Is everything working fine if you disable SSL in the server side and access though plain HTTP?

When I enter the URL with http instead of https, it works.

Do you use Apache? In this case, the content of /var/log/apache2/access_log could help. Or /var/log/apache2/error_log, if exists.

Is your server behind a proxy?

I am using nginx. And I've checked the access_log and error_log. There is nothing beeing logged from the phone! I am not using any proxy.

Sorry for insisting, any ssl_request_log or similar in the server side?

Nevertheless, the upcoming 1.5.6 release will include a couple of fixes in network connections. You should try again with it, it's coming really soon.

Hi, as I said. Nothing is beeing logged in *_request_log. Only, when I connect via http, which works fine.

What SSL protocols support/allow your server? SSL v2, SSL v3, TLS 1.0, TLS 1.1?

SSLv2 and SSLv3 are not supported. Only TLSv1 TLSv1.1 and TLSv1.2.
I've also tried version 1.5.7 of the android client. The problem still exists.

TLSv1 should go fine.

Do you use HTTPS extensions? Is SNI enabled in your server?

What do you mean by https extensions? SNI is enabled in nginx.

Something similar to SNI, it's an extension of TLS.

What Android version holds your device?

UPDATE: sorry, wrong button

I am not aware of an HTTPS extensions. But I maybe wrong. Can I check this, if its active?
I am using an Google Nexus 4 @ Android 4.4.2.

No, no, I was just thinking in SNI and tried to generalize, but I can't say about any other concrete extension to check.

SNI should work fine in that device and Android version.

Maybe you would like to send us a test account in your server. You can send it to [email protected], including your "Android issue #470" in the subject.

Is the certificate self signed or from a certificate authorithy?
I am unable to login after changing the Domain to a Domain using PositiveSSL on the same server.
StartSSL has worked fine.

My certificate is from StartSSL - Class 2.

I have the same problem. When connecting to my server via the android app and the url https://XXX.XXX.XXX/owncloud and unknown error appears (yes, i have a self signed cert). My server forces ssl, so i cannot try to connect via http://XXX.XXX.XXX/owncloud. When i try to connect via a URL shaped like this: XXX.XXX.XXX/owncloud also a unknown error appears.
The Windows app works fine and i can access owncloud via the browser just fine, as well.

Hi everybody.

Is any of you accessing the server with the mobile device behind an HTTP proxy?

Hi,

Sorry, but no.

ApostlPaulus

On 23 September 2014 15:17:35 GMT+01:00, "David A. Velasco" [email protected] wrote:

Hi everybody.

Is any of you accessing the server with the mobile device behind an
HTTP proxy?

---

Reply to this email directly or view it on GitHub:
https://github.com/owncloud/android/issues/470#issuecomment-56526248

Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

No, I am not using any proxy.

Btw, did you got the login information, which I send you for testing?

Sorry for the delay, @ConiKost . I just checked and had no problem to log in.

What version of the ownCloud app for Android are you using now? We added a bug fix common with Nginx servers that could help, version 1.5.8 is working for me.

The same question for you @ApostlPaulus , are you using version 1.5.8?

I've version 1.5.8 on my Nexus4 (Android 4.4.4). It seems to changed a little bit.
When I delete all app data and start the owncloud app "fresh", after entering my https url, I am getting a warning, that my ssl certificate is not trusted. After choosing to trust it, it reports again the same error "An unknown error occurred".

But, one time after trying several times, it shows instead, "An ssl error occurred".

I also have 1.5.8. on Nexus 5 4.4.4. Using non-ssl I see this in the logs.

tail -f access_log
ip address - - [14/Oct/2014:17:53:08 -0500] "GET /owncloud//status.php HTTP/1.1" 200 77
ip address - - [14/Oct/2014:17:53:08 -0500] "HEAD /owncloud//remote.php/webdav/ HTTP/1.1" 403 -

This happens whether I have the username and password set or not. I get the same on my nexus 7. this is during the validation of the server address. checking for webdav seems over the top.

Same error here:

Logcat:

D/SimpleFactoryManager(19732): getClientFor(OwnCloudAccount ... : 
D/OwnCloudClient #9(19732): Creating OwnCloudClient
D/SimpleFactoryManager(19732):     new client {@host.mydomain.tld, 1110867176}
D/OwnCloudClient #9(19732): REQUEST GET /owncloud//status.php
D/AdvancedSslSocketFactory(19732): Creating SSL Socket with remote host.mydomain.tld:443, local null:0, params: org.apache.commons.httpclient.params.HttpConnectionParams@420e3718
D/AdvancedSslSocketFactory(19732):  ... with connection timeout 5000 and socket timeout 5000
I/ServerNameIndicator(19732): SNI done, hostname: host.mydomain.tld
D/AbstractMetricsFactoryImpl(32209): record : No data points in metrics event
D/WifiStateMachine( 1839): handleMessage: E msg.what=147461
D/WifiP2pService( 1839): InactiveState{ when=-2ms what=147461 target=com.android.internal.util.StateMachine$SmHandler }
D/WifiStateMachine( 1839): processMsg: ConnectedState
D/WifiP2pService( 1839): P2pEnabledState{ when=-4ms what=147461 target=com.android.internal.util.StateMachine$SmHandler }
D/WifiStateMachine( 1839): processMsg: L2ConnectedState
D/WifiStateMachine( 1839): processMsg: ConnectModeState
D/WifiStateMachine( 1839): processMsg: DriverStartedState
D/WifiP2pService( 1839): DefaultState{ when=-8ms what=147461 target=com.android.internal.util.StateMachine$SmHandler }
D/WifiStateMachine( 1839): processMsg: SupplicantStartedState
D/WirelessDisplayService( 1939): onReceive() action android.net.wifi.SCAN_RESULTS
D/WifiStateMachine( 1839): handleMessage: X
D/WifiStateMachine( 1839): handleMessage: E msg.what=131155
D/WifiStateMachine( 1839): processMsg: ConnectedState
D/WifiStateMachine( 1839): processMsg: L2ConnectedState
D/WifiStateMachine( 1839): handleMessage: X
I/GetRemoteStatusOperation(19732): Connection check at https://host.mydomain.tld/owncloud/: Operation finished with HTTP status code -1 (success)
D/GetServerInfoOperation(19732): Trying empty authorization to detect authentication method
D/OwnCloudClient #9(19732): REQUEST HEAD /owncloud//remote.php/webdav/
D/RemoteOperationResult(19732): RemoteOperationResult has processed UNHANDLED_HTTP_CODE: 403
D/ExistenceCheckRemoteOperation(19732): Existence check for https://host.mydomain.tld/owncloud//remote.php/webdav/ targeting for  existence finished with HTTP status 403(FAIL)
D/DetectAuthenticationMethodOperation(19732): Authentication method found: UNKNOWN

access.log from Apache 2:

XX.XXX.XX.XXX - myusername [17/Oct/2014:18:47:44 +0000] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 4899 "-" "Mozilla/5.0 (Linux) mirall/1.5.0"
XX.XXX.XX.XXX - myusername [17/Oct/2014:18:47:45 +0000] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 2305 "-" "Mozilla/5.0 (Linux) mirall/1.5.0"
XX.XXX.XX.XXX - - [17/Oct/2014:18:47:47 +0000] "GET /owncloud//status.php HTTP/1.1" 200 763 "-" "Android-ownCloud"
XX.XXX.XX.XXX - - [17/Oct/2014:18:47:47 +0000] "HEAD /owncloud//remote.php/webdav/ HTTP/1.1" 403 0 "-" "Android-ownCloud"
XX.XXX.XX.XXX - myusername [17/Oct/2014:18:47:51 +0000] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 4899 "-" "Mozilla/5.0 (Linux) mirall/1.6.3"
XX.XXX.XX.XXX - myusername [17/Oct/2014:18:47:52 +0000] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 2448 "-" "Mozilla/5.0 (Windows) mirall/1.6.3"
XX.XXX.XX.XXX - myusername [17/Oct/2014:18:48:07 +0000] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 1133 "-" "Mozilla/5.0 (Windows) mirall/1.6.3"

So, it looks likethe Android client gets a 403 (Forbidden), which is correct. But, it looks like it is also expecting the server to return a list of authentication methods which it is not doing or is not doing in a manner detectable by the client.

EDIT: I'm wrong... 403 is NOT correct. It should be a 401 (Unauthorized)... Could be something in the configuration which is preventing the HEAD request from being allowed... Checking into it.

OK, new information... If I request the URI from the logs (including the doubled slashes) I get a 403... If I remove the extra slash, I get the correct response headers which ask for Basic auth!! Gonna try to use mod_rewrite to work around the doubled slashes and get back to you...

Woohoo! Results! Well, I couldn't get the apache rewrite to work, but when I configured my client I was putting in:

https://host.mydomain.tld/owncloud/

And when I changed the URI to:

https://host.mydomain.tld/owncloud

Without the trailing slash, everything works!!!

I see the same.

I had the same vexing issue. It fellt i tried it over 100 times. It worked fine with the ios and the windows client but not with the android app.

I'm happy that i found this comment about the trailing slash. Now everythings works fine!!

I've been periodically checking on this issue as it has been affecting me as well. The trailing slash issue/fix does not seem to apply (my owncloud install [v7.0.3] is at the domain root). I can access owncloud fine via the browser and the mirall tool in linux. I have been unable to connect with the android app for the past several versions (definitely v1.6.2 and v1.6.1; I am not sure how far back the problem goes, for me).

Nothing shows up in the server logs when I try to connect the android app. For what its worth, I am using a self-signed certificate and vanilla nginx configuration.

I have the same issue as privong, but with Apache; my Linux clients all work fine but Android has not connected for some time. Reinstallation of the Android app won't get past selecting the URL, which throws "Unknown error" every time. This is server version 7.0.4.2, App version 1.6.2.

Just thought I'd mention this, regarding the "An unknown error occurred" with the Android client.

Host: Ubuntu 14.04 / Apache2

The local DNS server, /etc/hostname, and /etc/hosts all display/return the hostname as "ownCloud.private", but it seems the Android client will only work when I enter the server in lowercase only.

access.log - using "https://ownCloud.private":

10.0.99.62 - - [14/Dec/2014:15:49:05 +0930] "GET /status.php HTTP/1.1" 400 8583 "-" "Android-ownCloud"

access.log - using "https://owncloud.private":

10.0.99.62 - - [14/Dec/2014:17:03:34 +0930] "GET /status.php HTTP/1.1" 200 1946 "-" "Android-ownCloud"
10.0.99.62 - - [14/Dec/2014:17:03:34 +0930] "HEAD /remote.php/webdav/ HTTP/1.1" 401 0 "-" "Android-ownCloud"

Hi, I'm having the same issue after upgrading from ownCloud 6 to ownCloud 7.0.4-3. I, too, am running it with a self-signed SSL cert and use the _nginx_ web server. Access via WebGUI or the Ubuntu client both work perfectly fine, but the Android app (version 1.6.2) throws the _unexpected error_ message.

access.log says:
[31/Dec/2014:01:28:17 +0100] "GET /status.php HTTP/1.1" 400 6668 "-" "Android-ownCloud"

Since I do not use a local domain name but try to access ownCloud via my server's IP address + port number (https://XXX.XXX.XXX.XXX:8443), neither the trailing slash issue nor the lower case domain name really apply to me.

Any ideas how to fix this issue?

It's pretty frustrating since the only reason I actually use ownCloud is to share data across all my devices. Not being able to access the data on my mobile devices ruins the whole experience.

For what it's worth, I am also experiencing issues synchronizing contacts and my calendar with owncloud using davDroid. This leads me to suspect that the fault is either the the nginx configuration or with an underlying android library. Unfortunately, I have not figured out how to differentiate between the two. Given my nginx configuration is unchanged (since before the problem arose), I supsect android, but I have no proof.

Correction, it seems this was an SNI issue, for me. I disabled all other SSL servers in my nginx configuration, restarted the server, and now I can connect with both the android owncloud client and with davdroid. So, perhaps this issue (at least for me) was related to #300 and there not (yet) being support for SNI?

Edit: To clarify/correct my previous post, I had not modified the nginx configuration entry for the owncloud site, but apparently had added other SSL domains running in the same server, which appears to have caused the issue.

@privong, the support of SNI in the app is limited, conditioned by the smartphone. What model is yours? What Android version does it hold?

@faulkner93 , @InfoSec812 , @RueIam - the issue with the trailing slash is well-known; it should be fixed with the current released version (1.6.2), though we are still discussing if that's true in other issue. Sorry for the inconvenience.

@R0000, that's quite strange. There must be some rule in your server configuration that is enforcing lowercase in some way.

The app is not transforming the case-state of the URL. Even if it did it, your use case does not fit in a possible bug, since there is no way that the app knows wether precisely the 'C' character should be lowercase or uppercase.

Please, take a look to your web server configuration.

@poschd , did you check the Nginx configuration? I think it suffered some update in the change from OC 6 to OC 7. Please, take a look to: http://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html

Other possibilities: do you use SNI in your server? What model is your device? What Android version?

@brantg , do you use SNI in your server? What model is your device? What Android version?

@ConiKost, is this still a problem for you?

In that case, could you create a new user and try to log-in? Please, use only alphanumerical character both in user name and password?

Do you use non-alphanumerical characters in your real user name and password?

Could you also have a look to the recommended Nginx configuration in http://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html ? I think it was updated with OC 7.

@davivel, No, my entire installation is sealed behind a firewall so I never bothered to set up HTTPS. All my connections to the server are plain HTTP.

My phone is an LG-E980 running Android 4.4.2. I did check the behavior of the Android software since the server update to 8.0 and it is unchanged. In a few weeks I intend to deploy a DNS server so I can use a name rather than an IP for the URL; if that changes the behavior of the app I will report back.

Thanks, @brantg . I am looking forward about your report. But please, I need to ask you to do it in a new issue, since this one is specific for HTTPS access. You can include a link to here in the new one to keep in track.

@davivel I am using Android 4.4.4 on a Moto G LTE (1st gen).

For all people read this thread from bottom up.: Please check your https://example.com/status.php before anything else. In my case status.php told me exactly what's wrong.

@guettli, This was enormously helpful, thank you! Apparently I just needed to add the server IP as a trusted domain and status.php made this totally clear. Be advised that for me the path was http://1.2.3.4/owncloud/status.php.

@davivel, Adding the trusted domain completely resolved my Android issue and I suspect my plan to set up DNS would have also done so for the same reason.

Got it, trusted domain.

Please, @ConiKost , @poschd , @privong , could you check if this helps you? : https://forum.owncloud.org/viewtopic.php?f=17&t=20220

@davivel I just checked, and the trusted doman settings have been set since I installed owncloud, so it doesn't correlate with the android client issues I was experiencing. So I don't think that resolves the issue, for me.

I am thinking the problem is common to both Android and iPad. I am guessing by the behaviour of the self signed cert (I'm running 7.04 under ClearOS) THAT the cert is not recognized on the devices, I had trouble getting Windoz 8.1 to sign in, until I opened up the browser and set it to NOT use a proxy setting. From the browsers even on iPad, I have to tell the browser to except the "unknow" or untrusted cert for my owncloud to connect with https. Once I do that it works, but there is no dialog to enable that process with the moble clients..... just guessing here :-)

oh btw, I have nated my https connection through my sonic wall to the lan server clearos.

@davivel Sorry, but I won't be able to test this anymore, as I don't have any android phone anymore.

Yea..OK we have same issue from ipadBest regards Robert Conrad Kostecki --- Re: [android] Unable to connect with SSL (#470) --- From:"Conrad Kostecki" [email protected]"owncloud/android" [email protected]"rthresh" [email protected]:Mon, Mar 30, 2015 12:44 PMSubjectRe: [android] Unable to connect with SSL (#470)@davivel Sorry, but I won't be able to test this anymore, as I don't have any android phone anymore.
—Reply to this email directly or view it on GitHub.

This message is intended for the sole use of the individual and entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message.

same here with owncloud for android 1.7.1, but can't connect to TLS1.2 only server

some notes first:
according to https://code.google.com/p/android/issues/detail?id=61085#c8
TLS 1.1 and 1.2 are DISABLED by default up to Lolipop!

according to https://github.com/owncloud/android/issues/362#issuecomment-71622802

Actually, TLSv1.2 cipher suites (e.g. those with either SHA256 or SHA384) are supported from API level 20 onwards (Android 4.4) so do not expect to get a TLSv1.2 connection on an earlier OS. Just confirmed with Android 4.2.

while ssllabs says it is "supported":
https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2

I get SSL3 handshake errors (!):

D/SimpleFactoryManager(25608): getClientFor(OwnCloudAccount ... : 
D/OwnCloudClient #3(25608): Creating OwnCloudClient
V/SimpleFactoryManager(25608):     new client {@owncloud.childno.de, 1108168888}
D/OwnCloudClient #3(25608): REQUEST GET /status.php
D/AdvancedSslSocketFactory(25608): Creating SSL Socket with remote owncloud.childno.de:443, local null:0, params: org.apache.commons.httpclient.params.HttpConnectionParams@4208ef48
D/AdvancedSslSocketFactory(25608):  ... with connection timeout 5000 and socket timeout 5000
D/OwnCloudClient #3(25608): Exception occurred
D/OwnCloudClient #3(25608): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41bcef38: Failure in SSL library, usually a protocol error
D/OwnCloudClient #3(25608): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5eac5cf8:0x00000000)
D/OwnCloudClient #3(25608):     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)
D/OwnCloudClient #3(25608):     at com.owncloud.android.lib.common.network.AdvancedSslSocketFactory.verifyPeerIdentity(AdvancedSslSocketFactory.java:248)
D/OwnCloudClient #3(25608):     at com.owncloud.android.lib.common.network.AdvancedSslSocketFactory.createSocket(AdvancedSslSocketFactory.java:185)
D/OwnCloudClient #3(25608):     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)

D/OwnCloudClient #3(25608): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41bcef38: Failure in SSL library, usually a protocol error
D/OwnCloudClient #3(25608): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5eac5cf8:0x00000000)
D/OwnCloudClient #3(25608):     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
D/OwnCloudClient #3(25608):     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406)
D/OwnCloudClient #3(25608):     ... 20 more
E/GetRemoteStatusOperation(25608): Connection check at https://owncloud.childno.de: SSL exception
E/GetRemoteStatusOperation(25608): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x41bcef38: Failure in SSL library, usually a protocol error
E/GetRemoteStatusOperation(25608): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5eac5cf8:0x00000000)
E/GetRemoteStatusOperation(25608):  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449)

for this server config:

SSLCipherSuite \
EECDH+ECDSA:\
EECDH+AESGCM:\
EECDH+aRSA+SHA384:\
EECDH+aRSA+SHA256:\
!EDH:!SSLv2:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CBC

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

which should work fine and is working fine for anything, expect the android client. Also Desktop Owncloud client works since 1.7.1 https://github.com/owncloud/client/issues/1556

https://www.ssllabs.com/ssltest/analyze.html?d=owncloud.childno.de

# openssl s_client -connect owncloud.childno.de:443
CONNECTED(00000003)
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
...

P.S: I'm not anymore on "stock" Android 4.3 from Sony but on CM 11 but even this should not be a problem at all: https://github.com/CyanogenMod/android_external_openssl/tree/cm-11.0

_UPDATE_: got same error with davroid (refer to https://github.com/bitfireAT/davdroid/issues/344)
their logs pointed me to mismatching cipher suites (again). My strict server only supported SHA256+ but nearest possible supported was SHA(128). If you ask me: Welcome to the US encryption law. Only allow less secure ciphers to allow NSA to crack them ;/
so, I allowed
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA)
by adding
EECDH+aRSA+SHA:\ and it's working ;/

Not sure if the issue I'm experiencing is the same as above, but I notice SSL Cert errors, but only from the Android platform. Hitting my instance of OC from the web from iOS and WIndows seems OK, but Android seems to give this issue.

I have the same problem, the app doesn't connect generating unknown error

APP version: 1.8 (Android)
https://cloud.pagans.cat/status.php (looks everything ok)

What I'm missing?

Thanks!

ALLOW HIGHER ENCRYPTION SETTINGS FFS!!!!
cant believe i paid for this... and it fails at basics that are defaults post snowden ... how could i trust the app to use less secure settings... (also i have to travel to china soon too ... with DPI looking closely at every ssl packet )

And no its not the self signed cert I use a letsencrypt one

@boscowitch I have enabled FFS and I can connect with the app.
Can you explain how to reproduce the problem?
(I also use letsencrypt, with apache2)

Well I use nginx as an reverse proxy that points to my apache so nginx handles all the ssl encyption and I set my encryption modes to only secure alorithms wiht high encryption like for example here https://cipherli.st/
to disallow weak encryption:
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
before I allowed this:
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';

but that also fails .....

and i cant imagine the reverse proxying beeing the problem ... since it works fine with the linux client and in the browser but here my settings:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;

127.0.0.1:8888 is where the apache vhost is running pointing to the owncloud dir...

@boscowitch I bet same problem as for me above: have you tried to enable EECDH+aRSA+SHA? yes, it's just a bad workaround ;/

unfortunately every other free client seems to have the same limitations... i find this very strange why the heck should an app have less SSL chipers available than the chrome browser on android...

@ConiKost, thanks anyway for your feedback.

@childnode , your input here is awesome. Thank you so much for your effort.

Right now the app (the OC library for Android) is explicitly enabling support for TLSv1.2 protocol, but it's not explicitly enabling any concrete cipher. We could try to explicitly request all the available ciphers, just in case any of them is not enabled by default. All this keeping the current approach, that is, using the SSL stuff shipped with the Android system.

Another approach could be shipping our own SSL implementation and cipher suites with the app... but I don't think this is feasible in the short term.

so only chrome or apps with it's own ssl implementation can connect ... I must say I excepted more from Android also disabling TLS 1.2 because of 2% incompatible websites in the whole web.... seems kinda drastic especially since websites have to update more often anyway out of security reasons... at least they should allow apps to enable it and not totally dissable it.

And I'm on Android 5 and as it seems it's still not working by default as the posts claims.... what the heck is this really NSA influence

Hi,

I'm still getting unknown errors using this config:

 ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1;

  ssl_ciphers                 EECDH+aRSA+SHA:EECDH+ECDSA:EECDH+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256;

I'm using Owncloud 8.2.7 and Nginx and the App version 2.1.2. CM 13/Android 6.0.1.

On another note: If you don't mind me asking, why is this issue unresolved for so long? Not being able to (safely) use a cloud on mobile is pretty much killing its core functionality.

Is there any update to this issue? I'm trying to connect via https using the android app to my newly created owncloud server hosted on lighttpd under FreeBSD and I believe I'm having issues. I REALLY don't want to connect via http. Or, if anybody has any alternatives, I would be very interested in hearing about them.

hmm this is a serious issue for a lot of users who care about post snowden security... i guess i will be looking into nextcloud soon to check if they are willing to prioritize this issuw...

Hello I have a similar issue on my iOS app, everything worked perfectly beffore SSL, once added I started having on and off issues, the app randomly freezes, and rarely works on my log I found this line :
host-001.home:443 37.168.224.23 - - [01/Mar/2018:15:30:02 +0100] "PROPFIND /owncloud/remote.php/webdav/InstantUpload/ HTTP/1.1" 403 232 "-" "Mozilla/5.0 (iOS) ownCloud-iOS/3.7.2"

But when it works I find this :
host-001.home:443 37.168.224.23 - - [01/Mar/2018:15:30:02 +0100] "GET /owncloud/index.php/apps/files/api/v1/thumbnail/64/64/InstantUpload/P hoto-2017-09-30-19-14-07_2768.JPG HTTP/1.1" 403 232 "-" "Mozilla/5.0 (iOS) ownCloud-iOS/3.7.2"

I hope this could help

Hello I have a similar issue on my iOS app, everything worked perfectly beffore SSL, once added I started having on and off issues, the app randomly freezes, and rarely works on my log I found this line

Hi @DrissiReda , thank you for the logs, will be useful. Can you please include this information in a iOS repository issue as well? Thanks

Already did when I first encountered this issue.

In version 2.9, the ownCloud Android app switched to a new networking library. I'd assume this issue is gone. In case this happens again, please open a new issue. (too many things changed)