Sync client Error: SSL handshake failed

Ask all your questions on desktop sync clients. Please read the Support Forum Rules
Forum rules
The forums were migrated over to https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.

More background information about this move and the reasoning behind it is available in this blogpost:

https://daniel.molkentin.net/2016/07/20 ... d-central/
denis21
Beginner
Posts: 23
Joined: Fri Mar 23, 2012 4:42 pm
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.3.22

Sync client Error: SSL handshake failed

Postby denis21 » Sun Jun 03, 2012 9:25 pm

Trying to connect to ownCloud at https://cloud-storage.mydomain.com...
Unable connection to ownCloud!
Error: SSL handshake failed


Code: Select all

# lsb_release -d
Description:   Debian GNU/Linux 6.0.5 (squeeze)
# uname -r
2.6.32-5-686

After davfs2 working properly. But after sync-client does not work. Maybe the problem is that the client can not work with SNI - http://en.wikipedia.org/wiki/Server_Name_Indication ? With this technology, this is the same server hosted multiple sites with tls/
Client installed as follows:

Code: Select all

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_6.0/ /' >> /etc/apt/sources.list
apt-get update
apt-get install owncloud-client

w00p
Beginner
Posts: 11
Joined: Tue May 22, 2012 12:23 pm
ownCloud version: 8.0.2
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.4.6

Re: Sync client Error: SSL handshake failed

Postby w00p » Tue Jun 05, 2012 2:50 pm


denis21
Beginner
Posts: 23
Joined: Fri Mar 23, 2012 4:42 pm
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.3.22

Re: Sync client Error: SSL handshake failed

Postby denis21 » Tue Jun 05, 2012 9:16 pm

The domain name in the certificate and have the correct server. The certificate was signed startssl. But, if other Virtual hosts on which should not have been owncloud self-signed certificate.

denis21
Beginner
Posts: 23
Joined: Fri Mar 23, 2012 4:42 pm
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.3.22

Re: Sync client Error: SSL handshake failed

Postby denis21 » Sat Jun 09, 2012 10:32 pm

up

g00s3m4n
Beginner
Posts: 19
Joined: Wed Jun 06, 2012 1:02 pm

Re: Sync client Error: SSL handshake failed

Postby g00s3m4n » Sun Jun 10, 2012 3:36 am

Hello,

I also had this problem and I managed to find a solution so I thought I would share my findings.

Note: I am using a third party certificate, so my certificate is not self-signed. I suspect the same principals apply to those using a self-signed certificate but I have not tested it.

In my case, I installed my certificate as was able to correctly access https://cloud.mydomain.com in my browser without any issues from either of my laptops (Win8/OSX Lion) However configuring the client on either of these would result in a "SSL handshake failed" error. After much messing around it seems that the client is expecting a TLS connection to the OwnCloud server and having the certificate installed does necessarily ensure TLS as your server name should match your certificate CN (common name).

Firstly, ensure that your certificate CN is correct. If for example you access your OwnCloud using https://cloud.yourdomain.com then your certificate CN should be cloud.yourdomain.com. If you access your OwnCloud using https://yourdomain.com/owncloud then your certificate CN should be yourdomain.com

If your certificate provider requires the installation of their intermediary and root certificates, make sure they are included in your apache configuration found in /etc/apache2/sites-enabled/default-ssl (in Ubuntu, probably httpd.conf in other distys). For example:

Code: Select all

SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/subca.crt
SSLCACertificateFile /etc/ssl/ca.crt


Next, you need to ensure that you have the correct server name set in your apache configuration. In your /etc/apache2/sites-enabled/default-ssl, make sure that the 'ServerName' setting matches your certificate CN. For example:

Code: Select all

<VirtualHost _default_:443>
        ServerAdmin webmaster@yourdomain.com
        ServerName cloud.yourdomain.com
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>


I hope this helps someone.

-g

denis21
Beginner
Posts: 23
Joined: Fri Mar 23, 2012 4:42 pm
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.3.22

Re: Sync client Error: SSL handshake failed

Postby denis21 » Sun Jun 10, 2012 10:39 am

Thank you. But my certificates were provided by StartSSL.
Common Name field corresponds to the site on which I walk.
I'm not used apache, i'm use nginx. I tried to check myself all the mistakes, but I do not understand where there may be a gag... If you believe that I have provided little information about the problem, please let me know. I'm not a great expert, unfortunately.
As for the settings in the Virtual host nginx I now have the following settings.

Code: Select all

        listen 443 ssl;
        ssl_certificate /etc/nginx/cert/startssl/cloud-storage.mydomain.com.pem;
        ssl_certificate_key /etc/nginx/cert/startssl/ssl.key;
        server_name cloud-storage.mydomain.com;
        ssl_protocols              TLSv1.1 TLSv1.2 TLSv1;
        ssl_ciphers                 ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
        ssl_prefer_server_ciphers   on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

g00s3m4n
Beginner
Posts: 19
Joined: Wed Jun 06, 2012 1:02 pm

Re: Sync client Error: SSL handshake failed

Postby g00s3m4n » Mon Jun 11, 2012 8:46 am

Have you installed the intermediate and root startssl certificates? It looks like you need to concatenate all the certificates on nginx. See here for more info: http://wiki.nginx.org/HttpSslModule.

denis21
Beginner
Posts: 23
Joined: Fri Mar 23, 2012 4:42 pm
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.3.22

Re: Sync client Error: SSL handshake failed

Postby denis21 » Mon Jun 11, 2012 12:01 pm

Yes.

boxrick
Newbie
Posts: 5
Joined: Mon Dec 10, 2012 2:39 am
ownCloud version: 4.5.4

Re: Sync client Error: SSL handshake failed

Postby boxrick » Mon Dec 10, 2012 6:40 pm

g00s3m4n wrote:Hello,

I also had this problem and I managed to find a solution so I thought I would share my findings.

Note: I am using a third party certificate, so my certificate is not self-signed. I suspect the same principals apply to those using a self-signed certificate but I have not tested it.

In my case, I installed my certificate as was able to correctly access https://cloud.mydomain.com in my browser without any issues from either of my laptops (Win8/OSX Lion) However configuring the client on either of these would result in a "SSL handshake failed" error. After much messing around it seems that the client is expecting a TLS connection to the OwnCloud server and having the certificate installed does necessarily ensure TLS as your server name should match your certificate CN (common name).

Firstly, ensure that your certificate CN is correct. If for example you access your OwnCloud using https://cloud.yourdomain.com then your certificate CN should be cloud.yourdomain.com. If you access your OwnCloud using https://yourdomain.com/owncloud then your certificate CN should be yourdomain.com

If your certificate provider requires the installation of their intermediary and root certificates, make sure they are included in your apache configuration found in /etc/apache2/sites-enabled/default-ssl (in Ubuntu, probably httpd.conf in other distys). For example:

Code: Select all

SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/subca.crt
SSLCACertificateFile /etc/ssl/ca.crt


Next, you need to ensure that you have the correct server name set in your apache configuration. In your /etc/apache2/sites-enabled/default-ssl, make sure that the 'ServerName' setting matches your certificate CN. For example:

Code: Select all

<VirtualHost _default_:443>
        ServerAdmin webmaster@yourdomain.com
        ServerName cloud.yourdomain.com
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>


I hope this helps someone.

-g


Many thanks this post helped me solve my problem :)

tripflex
Newbie
Posts: 1
Joined: Mon Dec 10, 2012 8:07 pm

Re: Sync client Error: SSL handshake failed

Postby tripflex » Mon Dec 10, 2012 8:09 pm

For anybody having this problem you MUST make sure you have

ServerName mydomain.com

In the Apache VirtualHost section, otherwise it will not work.


  • Similar Topics
    Replies
    Views
    Last post

Return to “ownCloud desktop sync clients”

Who is online

Users browsing this forum: No registered users and 1 guest