Owncloud mozilla_sync server and Android

[elraro]

Hi!

Im trying to use my custom mozilla_sync server https://github.com/owncloud/mozilla_sync with Pale Moon in Android, but i have problems... Recovery Key? Where? Without a recovery key i cant enable Connect button in Pale Moon...

Thanks you!

EDIT: ok, i found the recovery key, under Manage account. Sorry, im a bit noob Tried with Pale Moon in Linux x64, all works perfect. The problem is in Android, the URL of my custom server. It said invalid server URL...

Thanks again guys

[elraro]

Well, tried with custom url and token and nothing. No errors in log apache files or nothing...

[elraro]

The problem is SSL certificate... Its a self-signed. If i disable https and use http syncs works perfect, but nothing with https in Android. In Linux works great https.

Tried adding certificate before sync and nothing.

[Teyro]

Ive got the same problem on my own hosted sync server....

I use a raspberry pi 2 on the oneplus two.... I cant sync :S

[elraro]

Tested with a ssl certificate from startssl and same problem

[Teyro]

A workaround is to use the pale moon quick setup with the 3x4 code for custom server setup....

[elraro]

A workaround is to use the pale moon quick setup with the 3x4 code for custom server setup....

Something must be wrong, sync works in desktop and not in android? it must be the same code for both, and must work in both

[Teyro]

Sync on Android useses ssl.... desktop ignore bad ssl

[elraro]

Sync on Android useses ssl.... desktop ignore bad ssl

Desktop works nice with self-signed ssl and buyed ssl (startssl). Android doesnt work with ssl (self-signed or not) and only works with http because it said: bad url. I didnt see nothing in apache logs, i think is a android client bug. But i cant see the source code...

[elraro]

The bug in android

Code: Select all

02-17 21:33:37.045 15187-18244/? W/FxSync: org.palemoon.android :: AccountAuthenticator :: Authentication failed.
                                           javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
                                               at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
                                               at ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
                                               at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
                                               at ch.boye.httpclientandroidlib.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
                                               at ch.boye.httpclientandroidlib.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
                                               at ch.boye.httpclientandroidlib.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
                                               at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
                                               at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
                                               at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:818)
                                               at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:752)
                                               at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:229)
                                               at org.mozilla.gecko.sync.net.BaseResource.retryRequest(BaseResource.java:268)
                                               at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:239)
                                               at org.mozilla.gecko.sync.net.BaseResource.go(BaseResource.java:296)
                                               at org.mozilla.gecko.sync.net.BaseResource.get(BaseResource.java:302)
                                               at org.mozilla.gecko.sync.setup.auth.EnsureUserExistenceStage$3.run(EnsureUserExistenceStage.java:111)
                                               at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:422)
                                               at java.util.concurrent.FutureTask.run(FutureTask.java:237)
                                               at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
                                               at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
                                               at java.lang.Thread.run(Thread.java:818)

[elraro]

Solved check your ssl config Teyro and dont remove RC4. I will try fix this

[Teyro]

Heyho,

Well i got a RaspberryPI2 with Apache and OwnCloud.... But i dont now "how to disable it".... Can you Post me the line of the config please?

[Moonchild]

I'm having a new build of PM4A slated to be released soon -- currently in beta testing. That should prevent you from having to add RC4 in your owncloud configurations.

[Teyro]

Wow ! That means you start to work on PaleMoon for Android again? Wow great news!

[Moonchild]

Wow ! That means you start to work on PaleMoon for Android again? Wow great news!

Just maintenance/security releases, I'm afraid.

[samweis]

Hello!

At first, cause I am new here in this forum, thank your for your awesome work! I use the android version since a year and I am very happy with it

I read that you have released new versions of PM4A what is very exciting for me because I have a working mozilla_sync app in my owncloud 8.1.3 and would like to sync my PM4A too. Of course I have ssl pretty securely enabled on my server. So with my older version of PM4A I had the usual "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate" exception. So I tried the last one (25.9.4) with the advanced options to configure sync, but sadly without success. So I tried a few older versions.

Since a few months I even have a publicly trusted certificate from letsencrypt.org where no browser does bug around anymore.

So my question is, did I something wrong in my setup? Maybe it could have something to do with the apache ssl settings or openssl version?

If it matters:
Smartphone Setup:
cyanogenmod 12.1 (Android 5.1.1)

Server Setup:
owncloud 8.1.3
php 5.6.22
apache 2.2.15
openssl 1.0.1e
CentOS 6.8 (64bit)

Just in case, apache ssl cfg:

Code: Select all

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

[Moonchild]

Please do a client check to see what your cyanogenmodded device supports in terms of cipher suites and protocols, and adjust the available suites on the server side accordingly.

[samweis]

OK, i compared the lists of supported/used ciphers of my server and palemoon-25.9.4/fennec-47.0 and all three have at least one matching cipher. But I tried to connect to my server with no configured ciphers and also with sslv2 and sslv3 enabled but I still cannot create a palemoon sync account and I do not see any entries in my apache log. So it seems it still has a problem with the ciphers/protocols.

Do you have at least one cipher and protocol version for me which works with palemoon sync?

[Moonchild]

The cipher/protocol combination for Sync depends on what is available on your device!

For sync, the following is defined:

Code: Select all

  static {
    if (Build.VERSION.SDK_INT >= 20) { //Android 5+
      DEFAULT_CIPHER_SUITES = new String[]
          {
           "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
         
           // Emergency non-ECC fallbacks
           "TLS_RSA_WITH_AES_256_CBC_SHA",
           "TLS_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          };
    } else {
      DEFAULT_CIPHER_SUITES = new String[]
          {
           "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
           "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
           "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
         
           // Emergency non-ECC fallbacks
           "TLS_RSA_WITH_AES_256_CBC_SHA",
           "TLS_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          };
    }
    
    if (Build.VERSION.SDK_INT >= 19) { //Android 4.4+ supports TLS 1.2
      DEFAULT_PROTOCOLS = new String[] {
        "TLSv1.2",
        "TLSv1.1",
        "TLSv1",
      };
    } else {
      DEFAULT_PROTOCOLS = new String[] {
        "TLSv1",
      };
    }
  }