I have had my Seafile server running for a couple of months now. I used certbot to integrate a Let’s Encrypt certificate. It works fine in LAN and WAN on multiple devices. Yet I have one Android phone in the field that suddenly got a certificate issue. It says the connection is not trusted and that it cannot verify the issuer, the fingerprint and the timestamp at all. I’ve tried clearing cache and data, reinstalling, LTE vs WLAN, checked AV settings against other devices that work, and also imported the certificate manually. The user has no issue with her other devices (Windows and iOS).
Her security settings on her Android are also the same as mine. I don’t know what to do anymore and need assistance. Since all other devices work fine, I’m sure it’s an issue on that phone. Any ideas?
Kind regards
Michael
The user can use Firefox and Chrome on that device and go to the server URL without any issues. It’s only the Seafile app on that Android that is having this issue.
Importing certs hasn’t worked for the Android client for a long time now. Which Android version? Is there an old “shitty” internal browser, and if yes, does it accept the cert?
I had recently ‘tightened up’ my SSL security on my public facing nginx server that proxies to my personal Seafile server. Got an A+ rating on ssllabs. Now I have to add that old cipher back in to get the app to work, which SSL Labs declares as ‘WEAK’.
When will the app be updated to not rely on old ciphers?
Edit: I ALSO had to remove the nginx config lines for ssl_stapling. Even with this, while I can get the app to access the files once more I still get an error about an untrusted connection within the app.
You CAN set the downgraded SSL configuration for that site only though, so that might help limit the scope of vulnerability - if indeed you really NEED the app.
What I don’t understand is this here; maybe you can say it in a different way:
“You CAN set the downgraded SSL configuration for that site only though, so that might help limit the scope of vulnerability - if indeed you really NEED the app”
But I thought that old phones rely on the old cipher and that it’s not a problem of the Seafile app, which, from my understanding, only uses the ciphers available in the OS.
I’m not really into Android programming, but I personally only had this issue with old phones that only wanted to connect using TLS 1.0.
The funny thing was that only part of the Seafile API was accessed using TLS 1.0, and the phones could indeed speak TLS 1.2 but needed to use TLS 1.0 for some parts (maybe cert verification?).