SSL Initialisation failed with Nextcloud Android

HucSte · August 26, 2016, 6:48pm

Hi, my problem to connect with nextcloud android app is not resolv! always same error message into android app: SSL initialization failed

My actual server NC: 10, with PHP 7.0.10, powered by Nginx (1.10.1), on Ubuntu 14.04.1

My Nginx config file domain :

upstream php-handler {
        server unix:/div_www/cld.stephane-huc.net/dir_fpm/fpm.sock;
}

include /div_nginx_cfg/cld.stephane-huc.net/301_to_https.cfg;

server {
    include /div_nginx_cfg/cld.stephane-huc.net/port_https.cfg;

    ###########
    ### SSL cfguration
    ###########
    include /div_nginx_cfg/cld.stephane-huc.net/ssl.cfg;

    server_name cld.stephane-huc.net;

    root /div_www/cld.stephane-huc.net/www/;

    access_log  /div_www/cld.stephane-huc.net/logs/access.log compression if=$loggable;
    error_log   /div_www/cld.stephane-huc.net/logs/errors.log;

    include /div_nginx_cfg/cld.stephane-huc.net/headers.cfg;

    ##########
    ### Limit connections
    ##########
    client_max_body_size 512M;
    gzip off;

    ##########
    ### Manage returns errors
    ##########
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    ##########
    ### rewritings!
    ##########
    rewrite ^/caldav(.*)$ /remote.php/dav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/dav$1 redirect;

    ##########
    ### locations
    ##########

    location / {

        rewrite ^ /index.php$uri;

    }

    # auth .well-known
    include /div_nginx_cfg/cld.stephane-huc.net/well_known.cfg;

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;

        fastcgi_param HTTP_AUTHORIZATION $http_authorization if_not_empty;
        fastcgi_param XAUTHORIZATION $http_authorization if_not_empty;

        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # manage favicon
    include /div_nginx_cfg/cld.stephane-huc.net/favicon.cfg;

    # manage images
    include /div_nginx_cfg/cld.stephane-huc.net/img.cfg;

    # manage robots.txt
    include /div_nginx_cfg/cld.stephane-huc.net/robots.cfg;

    # manage scripts CSS/JS
    include /div_nginx_cfg/cld.stephane-huc.net/scripts.cfg;
}

My config SSL :

 
ssl_certificate /div_www/cld.stephane-huc.net/dir_ssl/fullchain.pem;
ssl_certificate_key /div_www/cld.stephane-huc.net/dir_ssl/privkey.pem;
ssl_dhparam /srv/nginx/dhparam/dhp_4096.pem;


ssl_prefer_server_ciphers on;
# Intermediate
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDH:DH:AES:!aNULL:!eNULL:!NULL:!DES:!3DES:!DSS:!EXPORT:!LOW:!MEDIUM:!PSK:!RC4:!SHA';

ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_session_ticket_key /dir_nginx/t.k;
ssl_session_timeout 24h;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /div_www/cld.stephane-huc.net/dir_ssl/chain.pem;

resolver 80.67.169.12 80.67.169.40 142.4.204.111 142.4.205.47 valid=300s;
resolver_timeout 3s;

My well-known config nginx file is :

 location '/.well-known' {
        allow all;
}
location '/.well-known/acme-challenge' {
        allow all;
}

location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
}

My pool php7-fpm file :

 [pool]

prefix = /div_www/cld.stephane-huc.net

user = ***
group = ***

listen = /div_www/cld.stephane-huc.net/dir_fpm/server.sock
listen.owner = ***
listen.group = ***
listen.mode = 0660
listen.allowed_clients = 127.0.0.1

pm = ondemand
pm.max_children = 7
pm.process_idle_timeout = 30s;
pm.max_requests = 500

access.log = logs/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

slowlog = logs/$pool.slow.log
request_slowlog_timeout = 30
request_terminate_timeout = 120

rlimit_files = 4096

chroot = /
chdir = /

catch_workers_output = yes

security.limit_extensions = .php

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
env[TMP] = /div_www/cld.stephane-huc.net/tmp/
env[TMPDIR] = /div_www/cld.stephane-huc.net/tmp/
env[TEMP] = /div_www/cld.stephane-huc.net/tmp/

php_admin_flag[log_errors] = on
php_admin_value[disable_functions] = dl,exec,passthru,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source
php_admin_value[error_log] = logs/cld.stephane-huc.net.php_errors.log
php_admin_value[memory_limit] = 32M
php_admin_value[open_basedir] = *******:/dev/urandom
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ****@cld.stephane-huc.net
php_admin_value[session.save_path] = /div_www/cld.stephane-huc.net/***
php_admin_value[upload_max_filesize] = 8M
php_admin_value[upload_tmp_dir] = /div_www/cld.stephane-huc.net/tmp/
php_flag[display_errors] = off
php_value[max_execution_time] = 7
php_value[include_path] = .:/usr/share/pear:/usr/share/php

My headers HTTP:

Server: nginx!
Date: Fri, 26 Aug 2016 18:50:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 60609
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
content-security-policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
access-control-allow-origin: cld.stephane-huc.net
strict-transport-security: max-age=31536000; preload
X-Content-Type-Options: nosniff
x-download-options: noopen
frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
X-Powered-By: HucSte :D
x-robots-tag: none
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=edge,chrome=1
X-Firefox-Spdy: h2

200 OK

tflidd · August 27, 2016, 7:23am

Does it work on a mobile browser (check if android finds a common cipher with the server)?

HucSte · August 27, 2016, 7:58am

Yes, it work with Firefox, or native browser on my smartphone Android, or with my tablet Android.

I can display secure cert, delivred by Let’sEncrypt.

noobzilla · September 5, 2016, 12:48pm

i have the same problem, but i’m using an apache server. My android version ist 4.4.4 and i have successfully managed the sync of contacts an calendars with DAVdroid so it cant be a cipher or other tls error. Also the apache and nextcloud error-logs doesnt show any hints.
I’d be happy to see a working nextcloud-app.

tobiasKaminsky · September 5, 2016, 3:24pm

@HucSte for me it is working in an emulator. At least it says “secure connection established”. Of course I cannot test more as I do not have access to your server

@noobzilla if you want you can pn me your server address, then I can test it.

HucSte · September 5, 2016, 4:10pm

@tobiasKaminsky: it’s good for you, with your emulator.
Me, i’ve two devices :

one smartphone Xiaomi Redmi, with Android 4.4.2
one tablet Teclast X89 Kindow, with Android 4.4.4.

On both, i installed F-Droid, and Nextcloud App (1.1.0) or Nextcloud Beta App (20160621)
On my Smartphone, ownCloud Notes (0.8.1).

With the Nextcloud App, it display this error message: SSL initialization failed
(in english, in my smartphone; in french, with my tablet)

I attempt by my personal wifi to connect me on my server, throught my broadband adsl box.
I attempt to try by 3G connection with my phone: same bad result!
or the other message: The server took too long to respond

I attempt on my tablet with orfox, throught orbot (tor connection), it’s run too correctly!
of, with Firefox, on both devices!

tflidd · September 6, 2016, 9:49am

Have you checked your nginx-error-log? You could also run a packet sniffer (tcpdump) on your server and check if your phone manages to connect at all. Do you use dual stack (ivp4/6) on your server/client?
Can you connect your client to demo.nextcloud.com?

groovy · September 6, 2016, 9:58am

I have installed app Version 1.2.0 on my Android 4.4.2 and apache 2.4.23 with Cert from Let’s Encrypt. Works fine for me and the app tells me that my connection is secured.

noobzilla · September 6, 2016, 1:01pm

@tobiasKaminsky: I located the problem in the SSLCipherSuite restriction of my Apache Server. Adding the Cipher “ECDHE-RSA-AES128-SHA” did the trick. I used very strong restrictions before, but i still get an A+ rating from ssllabs

HucSte · September 6, 2016, 2:07pm

@noobzilla: yes, it’s resolved my problem too; but, it’s very bad trip that’s necessary to decrease security SSL!

I uncomment this security minimal than accept ‘sha’:

ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

(intermediate recommandation by Mozilla configurator)

Why is bad? Because, it’s initialize in defective mode SSLv3 !!!

Sorry, but i hate this! Really.

Please, the app Android developpers, correct the code NC to permit connections with secure SSL modes, and ciphers corrects.

noobzilla · September 6, 2016, 2:28pm

@HucSte: Its not neccessary to activate SSLv3. I still have only TLSv1.2 activated. SSLv2, SSLv3, TLSv1 and TLSv1.1 are disabled. My cipher suite is:

This contains only one weaker cipher (ECDHE-RSA-AES128-SHA) for compatibility to Android 4.4.4, no SSL or TLS < 1.2 required.

HucSte · September 6, 2016, 2:32pm

@noobzilla:

    $ openssl ciphers -v 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA'
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
    ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
    ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
    ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1

As you read, the cipher ‘ECDHE-RSA-AES128-SHA’ use SSLv3 mode! (and defective SHA1)…

Just for my insterest, you cipher suite can be resume to, isn’t-it!? :

'ECDHE:!aNULL:!eNULL:!NULL:!DES:!3DES:!DSS:!EXPORT:!LOW:!MEDIUM:!PSK:!RC4'

noobzilla · September 6, 2016, 6:31pm

@HucSte: with your cipher-suites the apache server didnt work…
Is it really possible that the server falls back to SSLv3? I use “SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1” in the apache-config just to be sure (i know “-all +TLSv1.2” would be shorter)… The ssl-labs servertest also says that its only TLSv1.2 activated. Is that only because it tests the “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384” mode for Android 4.4 instead of the used “ECDHE-RSA-AES128-SHA” ?

HucSte · September 6, 2016, 8:02pm

Sorry, nginx failed too:

$ sudo nginx -t
nginx: [emerg] SSL_CTX_set_cipher_list("ECDHE:!aNULL:!eNULL:!NULL:!DES:!3DES:!DSS:!EXPORT:!LOW:!MEDIUM:!PSK:!RC4:!SHA") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
nginx: configuration file /etc/nginx/nginx.conf test failed

But, If you test :

$ openssl ciphers -v 'ECDHE:!aNULL:!eNULL:!NULL:!DES:!3DES:!DSS:!EXPORT:!LOW:!MEDIUM:!PSK:!RC4'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1

What’is the results, for you?

Unless i made a mistake, yes, TLS fallback in mode SSLv3

However TLS as SSLv3, incorporates a mechanism backward compatibility with previous versions, that is to say at the beginning of the negotiation phase, the client and server negotiate the “best” version of the protocol by all available two

If the client can only communicate in the SSLv3 protocol, TLS will fallback in this mode.
It’s clearly explain in this Basic TLS handshake wikipedia page

Only with TLSv3, SSLv3 that is no longer supported!

noobzilla · September 6, 2016, 8:29pm

@HucSte : the answer to your openssl command is:

but maybe that doesnt fit with the thread title any longer It works for me, so it think i wont change it until i upgraded my android phone to at least Lollipop (which will happen in the next few days)

But i still wonder about Firefox for Android working with TLSv1.2 only and Android/the app doesnt…

HucSte · September 6, 2016, 8:53pm

@noobzilla i agree!

DO NOT USING ANDROID APP!

HucSte · September 7, 2016, 2:51pm

@noobzilla: hello, this ciphers suite run correctly!

 'EECDH+AES:+AES128:+AES256:+SHA'

@ll others: Remember, SHA1 depreciated end of 2016!

tflidd · September 7, 2016, 3:21pm

Is this the corresponding bug report?

HucSte · September 7, 2016, 6:25pm

yes, it’s seems same!

Andy · September 13, 2016, 12:18pm

@ all and @HucSte I did some searching, see also https://forums.bitfire.at/topic/720/ssl-handshake-aborted-exception-while-adding-account/17 different Android versions/devices and the issue simply seems to be that while Mozilla is propagating 256 ciphers that TLS1.2 only has 128 as mandatory, so depending on your phone (as in Android version and manufacturer) ciphers are activated on the phones implementation, or not…