Hello,

I found this tool to test the ciphers that uses my server:

When I run ./testssl.sh -e office.pointing.url, i got this:

Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

## Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)

x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA

x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA

x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA

but running same command to my nextcloud install, I got this:

Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

## Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)

x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384

x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256

xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

xc028 ECDHE-RSA-AES256-SHA384 ECDH 521 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

xc014 ECDHE-RSA-AES256-SHA ECDH 521 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

x9f DHE-RSA-AES256-GCM-SHA384 DH 4096 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 521 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

xccaa DHE-RSA-CHACHA20-POLY1305 DH 4096 ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

xc0a3 DHE-RSA-AES256-CCM8 DH 4096 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8

xc09f DHE-RSA-AES256-CCM DH 4096 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM

x6b DHE-RSA-AES256-SHA256 DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA

xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 521 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

xc4 DHE-RSA-CAMELLIA256-SHA256 DH 4096 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

x88 DHE-RSA-CAMELLIA256-SHA DH 4096 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384

xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8

xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM

x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256

x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA

xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256

x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384

xc053 DHE-RSA-ARIA256-GCM-SHA384 DH 4096 ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384

xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 521 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384

x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256

xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

xc027 ECDHE-RSA-AES128-SHA256 ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

xc013 ECDHE-RSA-AES128-SHA ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

x9e DHE-RSA-AES128-GCM-SHA256 DH 4096 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

xc0a2 DHE-RSA-AES128-CCM8 DH 4096 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8

xc09e DHE-RSA-AES128-CCM DH 4096 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM

xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8

xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM

x67 DHE-RSA-AES128-SHA256 DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA

xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 521 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

xbe DHE-RSA-CAMELLIA128-SHA256 DH 4096 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

x45 DHE-RSA-CAMELLIA128-SHA DH 4096 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256

x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256

x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA

xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256

xc052 DHE-RSA-ARIA128-GCM-SHA256 DH 4096 ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256

xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 521 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256

I don’t know if this could help. I am really lost with this issue, because all was running a few weeks ago and suddenly i got this error. More and less it coincides in time with the last upgrade of nextcloud server in production mode.

P.D. Thinking on this, I got UFW running on my server, could be something related with this?