I am facing login errors with the Android app. I am running the server on CentOS with Apache fastcgi on an alternate SSL port. Also I bought a public SHA2 cert which is working on all clients except on the Android app. The security warning is displayed and it shows all cert properties as unknown. If I click continue anyway it loops to the cert warning all the time.
I have exactly the same problem, but using Nginx instead of Apache.
I searched this forum, but found no solution for me.
Seafile is working from all clients, except for Android (tested with different Samsung smartphones and tablets from Android 4.4.2 to the latest version).
SSLLABS check shows no problems (just incorrect chain order, but I think this should have no impact):
The security warning comes up, and when I choose YES to continue, the message appears again and again (LOOP).
The server has the following configuration:
Debian 7.11
Nginx 1.11.3
Seafile server 5.1.4, using Seahub with fast-cgi
Using the latest Seafile Client from PlayStore (2.1.3).
I hope somebody has found a solution, because we can’t get rid of Dropbox as long as the Seafile Client does not work on Android.
Below is the printscreen of the certificate error message.
I mentioned in my post that I have a public cert. So no, it’s not self-signed. And it is from StartCom.
But what I did on apache, I restricted ssl version and cipher to make it more secure than default.
Could be the same problem here. I also have restricted SSL protocols in order to gain a higher SSL Labs rating. The strange thing is that it has worked before, so why shouldn’t it work with a newer OS? And I don’t get any error message, neither on the smartphone nor in the logs on the server.
I also tried almost everything and still no success. I am running android 4.4.2 but on another smartphone with android 6 the login works! I have no idea, maybe the SSL / TLS implementation of specific vendors?
Finally, for me I could solve the problem. It was related to the SSL config on Apache.
Obviously the SSL config was too strong for the android app, because it supports only TLS1.2.
I have changed cipher in order to support all TLS back to TLS1. The working part looks like:
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXP:!LOW:!MD5:!DSS:!SEED:!IDEA
SSLHonorCipherOrder on
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
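Added example, not part of any post in this thread: a small offline evaluator for Apache `SSLProtocol` lines that shows which protocol versions a directive leaves enabled and whether a client limited to older versions still has one in common. The `STRICT` line and the `OLD_CLIENT` set are constructed assumptions, and `all` is expanded as on builds without TLSv1.3.

```python
# Added example: offline evaluation of Apache mod_ssl SSLProtocol lines.
# "all" is expanded as on builds without TLSv1.3 (assumption).
ALL = frozenset({"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"})
CANON = {p.lower(): p for p in ALL | {"TLSv1.3"}}


def enabled_protocols(directive):
    """Return the set of protocols one SSLProtocol line leaves enabled."""
    keyword, *tokens = directive.split()
    if keyword.lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: " + directive)
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):].lower()
        if name == "sslv2":
            if sign == "-":
                continue  # accepted and ignored; SSLv2 no longer exists
            raise ValueError("SSLv2 can only be disabled")
        if name == "all":
            group = set(ALL)
        elif name in CANON:
            group = {CANON[name]}
        else:
            raise ValueError("unknown protocol: " + tok)
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # a bare name replaces everything before it
    return enabled


def can_negotiate(directive, client_protocols):
    """Highest protocol shared by server config and client, or None."""
    order = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    shared = enabled_protocols(directive) & set(client_protocols)
    return max(shared, key=order.index) if shared else None


# Constructed inputs: WORKING is the line quoted in the thread, STRICT is a
# hypothetical TLS 1.2-only hardening, OLD_CLIENT is an assumed client.
WORKING = "SSLProtocol all -SSLv2 -SSLv3"
STRICT = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1"
OLD_CLIENT = {"SSLv3", "TLSv1"}  # assumed: offers nothing above TLS 1.0

if __name__ == "__main__":
    for line in (WORKING, STRICT):
        print(line, "->", sorted(enabled_protocols(line)),
              "| old client:", can_negotiate(line, OLD_CLIENT))
```

A `None` result means no protocol version overlaps, so the handshake fails before any certificate can be validated by the client.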