mac OS client can no longer connect - tls_process_client_hello unsupported protocol

[Marcool04]

This is related to the issues posted in client github issue tracker, but is - I think - a server issue as it has started as of the latest update to server. Client versions seem to make no difference.
See issues:
nextcloud/desktop#4
nextcloud/desktop#5

Note: this is behavior when no user is logged on on client at time of update to server. Issue 5 above in client issue tracker describes what happens when a user is logged on: password prompt appears, and even valid password fails to log on.

Steps to reproduce

1. Install an instance of nextcloud server;
2. Install nextcloud client on mac OS machine;
3. Using nextcloud mac OS client, attempt to connect to nextcloud server.

Expected behaviour

Client should connect

Actual behavior

Connection is refused as if server didn't exist or was unreachable:

On server side logs for apache show:

SSL Library Error: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol

Server configuration

Operating system:
Arch Linux 4.9.53-1-lts x86_64

Web server:
Apache 2.4.28-1

Database:
pgsql 9.6.5-1

PHP version:
php 7.1.10-1

Nextcloud version: (see Nextcloud admin page)
12.0.3

Updated from an older Nextcloud/ownCloud or fresh install:
Updated today

Where did you install Nextcloud from:
Self update

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - activity: 2.5.2
  - admin_audit: 1.2.0
  - calendar: 1.5.5
  - contacts: 2.0.1
  - dav: 1.3.0
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_downloadactivity: 1.1.1
  - files_pdfviewer: 1.1.1
  - files_reader: 1.0.4
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - firstrunwizard: 2.1
  - gallery: 17.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextcloud_announcements: 1.1
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - password_policy: 1.2.2
  - provisioning_api: 1.2.0
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - twofactor_backupcodes: 1.1.1
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0
Disabled:
  - bruteforcesettings
  - comments
  - encryption
  - files_external
  - theming
  - user_external
  - user_ldap

Nextcloud configuration:

Config report

{
    "system": {
        "debug": false,
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.archmacbook.tk"
        ],
        "datadirectory": "\/usr\/share\/webapps\/nextcloud\/data",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "dbtype": "pgsql",
        "version": "12.0.3.3",
        "dbname": "nextcloud",
        "dbhost": "127.0.0.1",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "\/var\/run\/redis\/redis.sock",
            "port": 0
        },
        "loglevel": 0,
        "log_type": "syslog",
        "maintenance": false,
        "cron_log": false,
        "asset-pipeline.enabled": true,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "instanceid": "ocacpijfkxe4"
    }
}

Apache SSL/TLS configuration:

Config report

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
SSLHonorCipherOrder on 
SSLProtocol -all +TLSv1.2
SSLProxyProtocol -all +TLSv1.2
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLUseStapling On
SSLStaplingCache "shmcb:/run/httpd/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600

Client configuration

Browser:
standalone
Operating system:
mac Os sierra 10.12.6

[Marcool04]

After a bit more digging, I found the client_theming repository, and it seems this is an old issue with mac OS client not being compatible with TLSv1.2:
nextcloud/client_theming#13
nextcloud/client_theming#152
And this even has users of mac desktops using the ownCloud client with their Nextcloud server instances:
nextcloud/client_theming#202
which seems to work fine...

[nickvergessen]

This should be handled in the client repository which you already linked to.

[Marcool04]

Relevant discussion is in this thread: nextcloud/client_theming#198
(my mistake previously, the "client" repo is obviously not the right one).
And sorry for posting in the server section @nickvergessen, I do see this is a client issue now as the server has no business accepting outdated security protocols.
Regards,
Mark.