Client 3.4.1 unable to log in on Mac 12.0.1 with SSL

Just installed the new client on macOS Monterey and I can no longer connect to my NC instance. Client shows my account is offline. I can click the dots and login menu but nothing happens. The menu just disappears. I can still login through a browser so I know my instance is fine. I’m wondering if this is an SSL issue. I only allow TLS 1.3 and I do limit the Cipher Suites to ECDH x25519
Does anyone know if the new client no longer supports TLS 1.3 or ECDH ciphers?

These seem to be the pertinent logs from my desktop client:

2022-01-08 09:43:52:511 [ warning nextcloud.sync.networkjob /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/libsync/abstractnetworkjob.cpp:185 ]: SslHandshakeFailedError: SSL handshake failed : can be caused by a webserver wanting SSL client certificates
2022-01-08 09:43:52:511 [ warning nextcloud.sync.networkjob /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/libsync/abstractnetworkjob.cpp:224 ]: QNetworkReply::SslHandshakeFailedError SSL handshake failed QVariant(Invalid)
2022-01-08 09:43:52:511 [ warning nextcloud.sync.credentials.webflow /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/creds/webflowcredentials.cpp:227 ]: QNetworkReply::SslHandshakeFailedError
2022-01-08 09:43:52:511 [ warning nextcloud.sync.credentials.webflow /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/creds/webflowcredentials.cpp:228 ]: SSL handshake failed
2022-01-08 09:43:52:511 [ warning nextcloud.sync.networkjob.checkserver /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/libsync/networkjobs.cpp:541 ]: error: status.php replied 0
2022-01-08 09:43:52:511 [ warning nextcloud.sync.connectionvalidator /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/connectionvalidator.cpp:139 ]: QNetworkReply::SslHandshakeFailedError SSL handshake failed
2022-01-08 09:43:52:511 [ info nextcloud.gui.account.state /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/accountstate.cpp:306 ]: AccountState connection status change: OCC::ConnectionValidator::Undefined → OCC::ConnectionValidator::SslError
2022-01-08 09:43:52:512 [ info nextcloud.gui.account.state /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/accountstate.cpp:101 ]: AccountState state change: Disconnected → Signed out
2022-01-08 09:43:52:512 [ info nextcloud.gui.folder.manager /var/folders/yr/9dx0mtfj7kdf4725tmcz6md80000gp/T/macos-8596/src/gui/folderman.cpp:721 ]: Account disconnected or paused, terminating or descheduling sync folders

Hey Steve,
do you have a solution in the meanwhile? I’m facing the same issue. When I updated to 3.4.1 I recognized it the first time and rolled back the install.
However, with 3.4.2 the issue is still there.
Since I run my own nextcloud instance, I’m wondering whether it has something to do with the SSL settings from my webserver (although Safari is happy with it).
BR, Conrad

Although it’s far from optimal, I’ve temporarily reverted my apache_site.conf back to allowing connections that are TLS 1.2
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder off
SSLSessionTickets off
You can use the Mozilla SSL Generator if you haven’t tried it before.
The config I gave above is using the Intermediate Configuration.
Just edit your config file, probably: /etc/apache2/sites-available/xxx.conf
It would make sense that safari would be able to get in with TLSv3 since this problem only relates to the Mac Client software. Hope that helps.

Hi steve, thanks for the fast reply. I wonder why they changed the SSL config for the nextcloud client with version 3.4.x. Since my setup is running on a synology diskstation (apache2.4 behind nginx reverse proxy) and does more than just nextcloud, I won’t enable the vulnerable support of TLSv1.2. Instead, I will roll back the nextcloud client and open an issue.
BR, Conrad

Oh boy… the issue is well known since November

1 Like