Ubuntu 20.04 - SSL handshake failed

Ubuntu 20.04
Original problem (this same) with 2.5.1.10973+dfsg-1ubuntu4, so I tried
Version 2.6.3daily20200530 (build 2600) but still when add new account, I get error:
Failed to connect to ownCloud at https://owncloud.jjussi.com: SSL handshake failed

Program owncloud-client works at Ubuntu 18.04 (version 2.4.1+dfsg-1) without errors. Installing that same version to Ubuntu 20.04 don’t work…

https://www.ssllabs.com/ssltest/analyze.html?d=owncloud.jjussi.com&latest gives me grade-A and don’t list any errors.

Expected behaviour

Program should contact my owncloud-server without problem

Actual behaviour

Failed to connect to ownCloud at https://owncloud.jjussi.com: SSL handshake failed

Steps to reproduce

  1. Install Ubuntu/Kubuntu 20.04
  2. Install owncloud-client
  3. Start owncloud and try to add new account https:/owncloud.jjussi.com

Server configuration

Operating system: Ubuntu 15.04 (GNU/Linux 2.6.32-042stab141.3 x86_64)

Web server: Apache/2.4.10 (Ubuntu)
Server built: Jul 24 2015 17:25:18

Database: mysqld Ver 5.6.33-0ubuntu0.14.04.1 for debian-linux-gnu on x86_64 ((Ubuntu))

PHP version: php7.1/now 7.1.26-1+ubuntu14.04.1+deb.sury.org+1

ownCloud version: owncloud-10.4.1

Storage backend (external storage):

Client configuration

Client version: 2.6.3daily20200530

Operating system: Linux 5.4.0-31-generic x86_64

OS language: English

Qt version used by client package (Linux only, see also Settings dialog): Qt 5.12.7, OpenSSL 1.1.1f 31 Mar 2020

Client package (From ownCloud or distro) (Linux only): owncloud-client_2.6.1+oc-2071_amd64.deb

Installation path of client: /usr/bin/owncloud

Logs

Hey,

i can open your URL in a browser as well without any issues / certificate warnings.

This looks to me like a problem in the desktop client:

05-30 13:25:29:286 [ warning sync.networkjob ]:	SslHandshakeFailedError:  "SSL handshake failed"  : can be caused by a webserver wanting SSL client certificates
05-30 13:25:29:286 [ warning sync.networkjob ]:	QNetworkReply::SslHandshakeFailedError "SSL handshake failed" QVariant(Invalid)

I think it could make sense to notify the ownCloud team at https://github.com/owncloud/client/issues about this.

Mhhh, but i think there is something stragen. curl is showing the following error so i think there might be a problem with the SSL configuration of the server:

curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

If i’m expanding the Certificate #2: on the ssllabs.com page i’m getting a big red " MISMATCH", i think there is indeed something wrong with the SSL setup related to the certificates.

Yes. Curl at Ubuntu 20.04 gives me that same too…

But if I do it at Ubuntu 18.04 there is no error

  • Rebuilt URL to: https://owncloud.jjussi.com/
  • Trying 185.81.166.228…
  • TCP_NODELAY set
  • Connected to owncloud.jjussi.com (185.81.166.228) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • ALPN, server did not agree to a protocol
  • Server certificate:
  • subject: CN=owncloud.jjussi.com
  • start date: Apr 25 21:53:01 2020 GMT
  • expire date: Jul 24 21:53:01 2020 GMT
  • subjectAltName: host “owncloud.jjussi.com” matched cert’s “owncloud.jjussi.com
  • issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3
  • SSL certificate verify ok.

It is something with openssl version difference between those two ubuntu versions.

What comes to that #2 mismatch, I just changed that servers hostname from iot.jjussi.com to owncloud.jjussi.com… So, now ssllabs “complain” that iot.jjussi.com have that same mismatch. :wink:
But, let’s see if that change anything… It should not.

Hey,

i think that it could be possible that newer OpenSSL versions (i think there is a newer one included in 20.04 compared to 18.04) could be more strict for SSL configuration problems.

Manjaro have that “new” version core/openssl 1.1.1.g-2 too, but there owncloud-client works just fine.

Hey,

so i think there even could be a difference in the operating system. Maybe openssl is configured / compiled differently on Manjaro?

Hey,

i just have seen that an issue was reported to the ownCloud people and some debugging is ongoing there: