SSL problem: Tomboy cannot connect to grauphel about nextcloud-grauphel HOT 10 CLOSED

According to some posts in the internet one should do

$ mozroots --import --ask-remove

but this does not help.
Connecting to another server is working, so I suspect my server, but I do not know why.

from nextcloud-grauphel.

It's an SSL issue.

Do you get a green lock when opening your ownCloud URL in your browser, or do you have to confirm an SSL exception?

Where did you get your SSL certificate from? Is it from an official SSL provider, or a self-generated one? Or maybe from cacert.org which isn't in the browser's trust database?

from nextcloud-grauphel.

I wrote you an email, as it contains private data of my server.
When we find a solution (hopefully), I will post the solution.

from nextcloud-grauphel.

Wireshark tells me that the reason for the error is "Handshake failure (40)", issued by the server.
So the client tells the server which ciphers it supports, and the server responds with the handshake failure message. See http://tools.ietf.org/html/rfc2246#section-7.4.1.3

7.4.1.3. Server hello

When this message will be sent:
The server will send this message in response to a client hello message when it was able to find an acceptable set of algorithms.
If it cannot find such a match, it will respond with a handshake failure alert.

You should enable debugging in your apache logs and see if you get to see something there.

from nextcloud-grauphel.

After an upgrade to mono:4 and adding AES256-SHA to the CipherSuites it is working now.
Thank you for your hint with wireshark. The traffic told me which Ciphers Tomboy can understand and which the server allows.

from nextcloud-grauphel.

I ran into this as well. Tomboy has an related issue (tomboy-notes/tomboy#48), but I was able to get it working for myself by adding this to my nginx config for the server:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

I had also added AES256-SHA to the cypher suites like tobiasKaminsky, but on its own it wasn't enough.

from nextcloud-grauphel.

Hi!

Firstly I would also like to thank you for this app, it's already helping me getting my notes synced on my mobile devices. Unfortunately, Tomboy from my desktop does not sync yet, I also receive the "Server not responding" error.

I have a Let's Encrypt certificate and the server only allows ssl connections. I also added "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" to my nginx config. Is there anything else I have to do?

I have just installed wireshark but still need to find out how to actually use it. ;)

BR
Fo

from nextcloud-grauphel.

Hi again,

Maybe some additional info:

• Wireshark only shows the client hello, no server hello.
• There are no related errors in the nginx error log, I cannot find anything in the access log either.

I am running my nextcloud on a Raspberry Pi on Raspbian Stretch with nginx and php7.0. Please let me know if I can do anything else to narrow it down.

from nextcloud-grauphel.

And me again. ;)

I just received an error message by tomboy which hinted at a log file. There were actually some errors in it:

5/24/2018 8:38:53 PM [ERROR]: Caught exception. Message: Error: SendFailure (Error writing headers)

5/24/2018 8:38:53 PM [ERROR]: Stack trace for previous exception:   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x402de970 + 0x0019f> in <filename unknown>:0   
  at System.Net.HttpWebRequest.GetResponse () <0x402dad30 + 0x00053> in <filename unknown>:0 
  at Tomboy.WebSync.Api.AnonymousConnection.WebRequest (System.String method, System.String uri) <0x402bbb90 + 0x00093> in <filename unknown>:0   

5/24/2018 8:38:53 PM [ERROR]: Failed to get Root resource https://cloud.xyz.eu/apps/grauphel/api/1.0. Exception was: System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x402f0f10 + 0x0010b> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x402f0e50 + 0x0002b> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x402edd80 + 0x00227> in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) <0x402f2730 + 0x00207> in <filename unknown>:0 
  at System.Net.WebConnectionStream+<SetHeadersAsync>c__AnonStorey1.<>m__0 (IAsyncResult r) <0x402f2030 + 0x0013b> in <filename unknown>:0 
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x402de970 + 0x0019f> in <filename unknown>:0 
  at System.Net.HttpWebRequest.GetResponse () <0x402dad30 + 0x00053> in <filename unknown>:0 
  at Tomboy.WebSync.Api.AnonymousConnection.WebRequest (System.String method, System.String uri) <0x402bbb90 + 0x00093> in <filename unknown>:0 

from nextcloud-grauphel.

And some more input, this time from my nginx.conf. I guess, it must be somewhere in here... ;)

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        #ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+SHA';

I edited out the ssl_prefer_server thing for testing, but it did not work.

from nextcloud-grauphel.