TLS 1.1 protocol?
-
I wonder if it is possible to have the cloudron accept TLS 1.1 protocol?
Reason I ask: It seems that many of the apps on my Android 4.1.2 phone (nextcloud app, chrome browser, firefox etc) are not able to connect to the cloudron apps, as the phone apps complain about an SSL protocol error. I first thought it could be a problem with Letsencrypt certificates, but then I tried my phone apps against other websites that run Letsencrypt and had no problem with it. And at those servers where it worked, these servers had TLS 1.1 enabled.
So, can TLS 1.1 be enabled in cloudron, at least for a test? I am not eager to have to buy a new phone at the moment, as the one I have is still working.
EDIT: Seems this also affects my email client (K9), that is able to connect for downloading email, but not able to connect in order to send. It is correctly configured with port 587 and STARTTLS.
I actually had all this working a few days ago, but I had to reset my phone to factory defaults, and now all these problems arrive.
-
@subven Thank you. I understand your point of view, I am sure it is shared by most, including myself. I just thought it would be a good idea to have the cloudron owner decide this for him/herself, on an app by app basis maybe.
Now I am a bit confused, as I just tried Fennec browser and had no problem connecting to any of my cloudrons apps.
Still, Chrome has connection problems, same with Firefox, the Nextcloud and Davdroid mobile apps have problems, the K9 email client cannot connect to cloudron to send mail, etc. They all complain about an SSL protocol error.
So there may be something else that creates the problem, because if the phone does not support TLS 1.2 then Fennec browser should complain about protocol error, but it doesn't.
Anyone have any idea what may be the problem?
-
I managed to get a screenshot of the SSL error from one of the troubled mobile apps when connecting to my cloudron.
-
As I have no knowledge of this technology, asking for help is my only option at the moment. Could this FAQ entry from the OpenVPN website be of help to identify the reason for my SSL protocol errors, and how to solve it? http://ics-openvpn.blinkt.de/FAQ.html
-
From what I understand, the device you are trying to connect from does not support any of the ciphers which Cloudron is requesting. We are following the security guidelines of the following communities:
- https://bettercrypto.org/static/applied-crypto-hardening.pdf
- https://mozilla.github.io/server-side-tls/ssl-config-generator/
- https://cipherli.st/
- https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
So we likely won't support outdated or insecure ciphers from the platform side.
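
An added example, not part of the original posts and not Cloudron's code: a simplified Python model of TLS 1.2-and-earlier negotiation, showing that a protocol mismatch and a cipher mismatch fail with different alerts, and that re-enabling older protocol versions alone does not help a client whose cipher list has no overlap with the server's. The client and server profiles are constructed assumptions, not Cloudron's configuration or a captured Android 4.1.2 handshake.

```python
# Simplified model of TLS <= 1.2 version and cipher-suite negotiation.
# All profiles below are constructed for illustration; they are not
# Cloudron's actual configuration or a measured Android 4.1.2 ClientHello.

VERSIONS = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]  # ordered oldest to newest

# Minimum protocol version each suite may be negotiated under.
# GCM (AEAD) and SHA256/SHA384-MAC suites exist only from TLS 1.2 on.
SUITE_MIN_VERSION = {
    "ECDHE-RSA-AES128-GCM-SHA256": "TLSv1.2",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLSv1.2",
    "ECDHE-RSA-AES128-SHA256": "TLSv1.2",
    "ECDHE-RSA-AES128-SHA": "TLSv1.0",
    "AES128-SHA": "TLSv1.0",
}

def negotiate(client, server):
    """Return (version, suite) on success or (None, alert_name) on failure."""
    common = [v for v in VERSIONS if v in client["versions"] and v in server["versions"]]
    if not common:
        return None, "protocol_version"
    version = common[-1]  # highest version both sides support
    for suite in server["ciphers"]:  # server preference order
        usable = VERSIONS.index(SUITE_MIN_VERSION[suite]) <= VERSIONS.index(version)
        if suite in client["ciphers"] and usable:
            return version, suite
    return None, "handshake_failure"

LEGACY_CLIENT = {"versions": {"TLSv1.0"}, "ciphers": {"ECDHE-RSA-AES128-SHA", "AES128-SHA"}}
MODERN_CLIENT = {"versions": set(VERSIONS), "ciphers": set(SUITE_MIN_VERSION)}

HARDENED = {"versions": {"TLSv1.2"},
            "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]}
# Same cipher list, but with the older protocol versions switched back on.
OLD_PROTOCOLS_ONLY = dict(HARDENED, versions=set(VERSIONS))
# Older protocols plus one CBC-SHA suite appended at lowest preference.
OLD_PROTOCOLS_AND_CBC = dict(OLD_PROTOCOLS_ONLY,
                             ciphers=HARDENED["ciphers"] + ["ECDHE-RSA-AES128-SHA"])

if __name__ == "__main__":
    for name, srv in [("hardened", HARDENED), ("old protocols only", OLD_PROTOCOLS_ONLY),
                      ("old protocols + CBC", OLD_PROTOCOLS_AND_CBC)]:
        print(f"{name:22} legacy={negotiate(LEGACY_CLIENT, srv)} "
              f"modern={negotiate(MODERN_CLIENT, srv)}")
```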