jjussi
May 30, 2020, 10:33am
1
Ubuntu 20.04
Original problem (this same) with 2.5.1.10973+dfsg-1ubuntu4, so I tried
Version 2.6.3daily20200530 (build 2600) but still when add new account, I get error:
Failed to connect to ownCloud at https://owncloud.jjussi.com : SSL handshake failed
Program owncloud-client works at Ubuntu 18.04 (version 2.4.1+dfsg-1) without errors. Installing that same version to Ubuntu 20.04 don’t work…
https://www.ssllabs.com/ssltest/analyze.html?d=owncloud.jjussi.com&latest gives me grade-A and don’t list any errors.
Expected behaviour
Program should contact my owncloud-server without problem
Actual behaviour
Failed to connect to ownCloud at https://owncloud.jjussi.com : SSL handshake failed
Steps to reproduce
Install Ubuntu/Kubuntu 20.04
Install owncloud-client
Start owncloud and try to add new account https:/owncloud.jjussi.com
Server configuration
Operating system: Ubuntu 15.04 (GNU/Linux 2.6.32-042stab141.3 x86_64)
Web server: Apache/2.4.10 (Ubuntu)
Server built: Jul 24 2015 17:25:18
Database: mysqld Ver 5.6.33-0ubuntu0.14.04.1 for debian-linux-gnu on x86_64 ((Ubuntu))
PHP version: php7.1/now 7.1.26-1+ubuntu14.04.1+deb.sury.org+1
ownCloud version: owncloud-10.4.1
Storage backend (external storage):
Client configuration
Client version: 2.6.3daily20200530
Operating system: Linux 5.4.0-31-generic x86_64
OS language: English
Qt version used by client package (Linux only, see also Settings dialog): Qt 5.12.7, OpenSSL 1.1.1f 31 Mar 2020
Client package (From ownCloud or distro) (Linux only): owncloud-client_2.6.1+oc-2071_amd64.deb
Installation path of client: /usr/bin/owncloud
Logs
owncloud SSL error
05-30 13:25:12:352 [ info gui.application ]: "################## ownCloud locale:[en_US] ui_lang:[] version:[2.6.3daily20200530 (build 2600)] os:[Ubuntu 20.04 LTS]"
05-30 13:25:12:352 [ info gui.application ]: Using "en_US" translation
05-30 13:25:12:352 [ info gui.application ]: Adding extra plugin search path: "/opt/ownCloud/ownCloud/lib/x86_64-linux-gnu/ownCloud/plugins"
05-30 13:25:12:352 [ info gui.application ]: VFS suffix plugin is available
05-30 13:25:12:353 [ info gui.socketapi ]: server started, listening at "/run/user/1000/ownCloud/socket"
05-30 13:25:12:353 [ info gui.folder.manager ]: setting remote poll timer interval to 30000 msec
05-30 13:25:12:567 [ info gui.application ]: Tray menu workarounds: noabouttoshow: false fakedoubleclick: false showhide: false manualvisibility: false
05-30 13:25:12:571 [ info gui.folder.manager ]: Setup folders from "/home/jjussi/.config/ownCloud/folders" (migration)
05-30 13:25:12:571 [ info sync.clientproxy ]: Set proxy configuration to use system configuration
05-30 13:25:12:620 [ info gui.application ]: No configured folders yet, starting setup wizard
This file has been truncated. show original
tom42
May 30, 2020, 5:53pm
2
Hey,
i can open your URL in a browser as well without any issues / certificate warnings.
This looks to me like a problem in the desktop client:
05-30 13:25:29:286 [ warning sync.networkjob ]: SslHandshakeFailedError: "SSL handshake failed" : can be caused by a webserver wanting SSL client certificates
05-30 13:25:29:286 [ warning sync.networkjob ]: QNetworkReply::SslHandshakeFailedError "SSL handshake failed" QVariant(Invalid)
I think it could make sense to notify the ownCloud team at https://github.com/owncloud/client/issues about this.
tom42
May 30, 2020, 5:56pm
3
Mhhh, but i think there is something stragen. curl is showing the following error so i think there might be a problem with the SSL configuration of the server:
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
If i’m expanding the Certificate #2:
on the ssllabs.com page i’m getting a big red " MISMATCH ", i think there is indeed something wrong with the SSL setup related to the certificates.
Yes. Curl at Ubuntu 20.04 gives me that same too…
But if I do it at Ubuntu 18.04 there is no error
Rebuilt URL to: https://owncloud.jjussi.com/
Trying 185.81.166.228…
TCP_NODELAY set
Connected to owncloud.jjussi.com (185.81.166.228) port 443 (#0 )
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
ALPN, server did not agree to a protocol
Server certificate:
subject: CN=owncloud.jjussi.com
start date: Apr 25 21:53:01 2020 GMT
expire date: Jul 24 21:53:01 2020 GMT
subjectAltName: host “owncloud.jjussi.com ” matched cert’s “owncloud.jjussi.com ”
issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3
SSL certificate verify ok.
It is something with openssl version difference between those two ubuntu versions.
What comes to that #2 mismatch, I just changed that servers hostname from iot.jjussi.com to owncloud.jjussi.com … So, now ssllabs “complain” that iot.jjussi.com have that same mismatch.
But, let’s see if that change anything… It should not.
tom42
June 7, 2020, 12:04pm
5
Hey,
i think that it could be possible that newer OpenSSL versions (i think there is a newer one included in 20.04 compared to 18.04) could be more strict for SSL configuration problems.
Manjaro have that “new” version core/openssl 1.1.1.g-2 too, but there owncloud-client works just fine.
tom42
June 7, 2020, 3:05pm
7
Hey,
so i think there even could be a difference in the operating system. Maybe openssl is configured / compiled differently on Manjaro?
tom42
September 17, 2020, 10:23am
9
Hey,
i just have seen that an issue was reported to the ownCloud people and some debugging is ongoing there:
opened 07:03AM - 31 May 20 UTC
Ubuntu 20.04
Original problem (this same) with 2.5.1.10973+dfsg-1ubuntu4, so I tried
Version 2.6.3daily20200530 (build 2600) but still when add new account, I get...