[OS X] Upgrade OSX Client to support TLSv1.2 and drop the older, dangerous protocols

[oparoz]

Expected behaviour

Servers should be able to set TLSv1.2 as the minimum supported protocol

Actual behaviour

Servers which have OSX clients connecting to them need to keep TLSv1.0 enabled, which is a security risk

Steps to reproduce

1. Apache config: SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
2. Connect with OSX client

Client configuration

Client version: 2.2

Operating system: OSX

[guruz]

FYI @danimo @richmoore

[tflidd]

My OS X client 2.2.3 already connects via TLSv1.2 on OS X Mavericks. However, I have other ciphers still enabled (TLS >=1.0). @oparoz is your client not able to connect via TLSv1.2 at all or only if other TLS versions are disabled?

[mkoppmann]

I tested OSX client 2.2.3 on El Capitan with my webserver which serves only TLS1.2 with an ECC P256 key and it fails.

[tflidd]

After update to 2.2.4, I still can connect using the TLSv1.2 RSA ECDH AESGCM(256). Is there a list of supported ciphers on the client?

[mkoppmann]

My server supports only ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES128-GCM-SHA256. Maybe the client doesn’t support ECDSA?
Strangely, the client works on Linux. Haven’t tested it on Windows.

[tflidd]

Perhaps we should check first, which OS support which cipher of TLSv1.2 and make sure that the NC client supports them as well. Of special interest are mature OS such as CentOS.

Before we disable everything <TLSv1.2, we should perhaps issue a warning first. For some it might be a minor configuration setting but if you need to run a full upgrade on your operating system or you have to change your shared hoster that will take more time. And a non-encrypted fall-back is worse than TLSv1.0 or TLSv1.1.

[oparoz]

The only insecure client is the one for OSX. So if you can ban OSX from your network, do it and tighten the security of your server. TLS1.1 is still OK, but TLS 1.0 has to be avoided.

[guruz]

I can't reproduce this with the 2.2.4 release and nginx.
I do this in my nginx config:

	ssl_protocols TLSv1.1 TLSv1.2;

Is this an Apache issue?
Or do I need to additionally disable some ciphers?

[mkoppmann]

Apparently this happens only with the Nextcloud client, because of the QT version they use on their build system (link to issue).

The Owncloud client works with TLS 1.2 only setups.

[guruz]

Great. The nextCloud client is just a theme anyway.