[Nextcloud 21 + Debian 10] SSL initialization error android 10 app

I am running Nextcloud 21 on Debian 10 with apache.
Build from scratch. My first time :slight_smile:

Everytime is working fine, ssllabs gives me an A+.

My only problem (so far :wink: ) is that my android app keeps saying SSL initialization error. And because of that or as a separate issue the app hangs a lot. The asks me to wait to shutdown the app constantly.

Now i have found that this change to “ssl_ecdh_curve prime256v1;” instead of “ssl_ecdh_curve secp384r1 should be the solution.

But i am not sure how to do this.

When i look at /etc/letsencrypt/options-ssl-apache.conf (This is the correct file right? ) i see:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder off
SSLSessionTickets off

Which i put there, so that is fine. But would do i need to change? I am not seeing ssl_ecdh_curve secp384r1. So i am not sure what to do now.


Thanks for quick answer.

When i paste this in:

  1. {% if (ansible_os_family == ‘Debian’) %}
  2. SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
  3. {% endif %}

I get an error trying to restart apache2. When i only add the yellow part, i am able to restart apache. Shouldn’t it also work when i add the 3 lines i mentioned?

The SSL error is gone but the android app stills hangs a lot.

I have to admit the app is uploaden a lot of pictures but this should be fine right…

nope. sorry. the lines with {% … %} are jinja templates from my ansible playbook. my ansible playbook detects if it is executed on a debian system and adds the command.

yes. this may take a while.