Sync Client 1.2.0 - SSL handshake failed: SSL error: parse tlsext

[ranger81]

Hi,

I'm using owncloud 4.5.6 on my debian squeeze server (latest security patch level) with StartSSL certificate and receiving the error SSL handshake failed: SSL error: parse tlsext in Sync client version 1.2.0 (also attached as screenshot).

I'm receiving this error after round about 5 minutes after sync started.

Sync client 1.1.4 works fine, I get this error only after updating to 1.2.0 sync client.
For me this looks like an issue with openssl/libneon library used in 1.2.0 sync client.

Environment:

Debian Squeeze
owncloud 4.5.6
OpenSSL 0.9.8o
Apache2 2.2.16
PHP 5.3.3
mySQL 5.1.66
Sync Client 1.2.0 on Windows 7 client

URL to owncloud is: https://www.domain.tld/cloud/
StartSSL certificate is valid for domain.tld and www.domain.tld.

Client Log:

    01-30 08:02:35:310 oc_module: opendir method called on ownclouds://domain.tld/cloud/remote.php/webdav/clientsync/Visual Studio Projects/Visual Studio 2008/Projects/cs_itsm_lookupusermembership/cs_itsm_lookupusermembership/bin/Debug
    01-30 08:02:35:435 oc_module: Neon error code was 1
    01-30 08:02:35:435 oc_module: WRN: propfind named failed with 1, request error: SSL handshake failed: SSL error: parse tlsext
    01-30 08:02:35:435 oc_module: Errno set to 10013
    01-30 08:02:35:435 csync_ftw: opendir failed for ownclouds://domain.tld/cloud/remote.php/webdav/clientsync/Visual Studio Projects/Visual Studio 2008/Projects/cs_itsm_lookupusermembership/cs_itsm_lookupusermembership/bin/Debug - Unknown error (errno 10013)
    01-30 08:02:35:435 oc_module: closedir method called 0308ef98!
    01-30 08:02:35:435 oc_module: closedir method called 0a2650e0!
    01-30 08:02:35:435 oc_module: closedir method called 0335d3c8!
    01-30 08:02:35:435 oc_module: closedir method called 0573a670!
    01-30 08:02:35:435 oc_module: closedir method called 0573a530!
    01-30 08:02:35:435 oc_module: closedir method called 0573a350!
    01-30 08:02:35:435 oc_module: closedir method called 05739790!
    01-30 08:02:35:435 csync_update: Update detection for remote replica took 310.51 seconds walking 3342 files.
    01-30 08:02:35:435  #### ERROR csync_update:  "CSync konnte eine bestimmte Datei nicht finden.<br/>Systemnachricht:SSL handshake failed: SSL error: parse tlsext"
    01-30 08:02:35:435 CSync run took  310648  Milliseconds
    01-30 08:02:35:435 virtual void Mirall::WatcherThread::run() Change detected in "C:/Users/username\ownCloud" from Mirall::WatcherThread(0x574daf0)
    01-30 08:02:35:451 -> CSync Finished slot with error  true
    01-30 08:02:35:451   ** error Strings:  ("CSync konnte eine bestimmte Datei nicht finden.<br/>Systemnachricht:SSL handshake failed: SSL error: parse tlsext")
    01-30 08:02:35:451     * owncloud csync thread finished with error
    01-30 08:02:35:451 Starting Event logging again in  2000  milliseconds
    01-30 08:02:35:451 OO folder slotSyncFinished: result:  4  local:  false
    01-30 08:02:35:451 ==> load folder icon  "owncloud-framed"
    01-30 08:02:35:451 Returning configured owncloud url:  "https://domain.tld/cloud/remote.php/webdav/"
    01-30 08:02:35:451 Folder in overallStatus Message:  Mirall::ownCloudFolder(0x57c9c88)  with name  "ownCloud"
    01-30 08:02:35:451 Sync state changed for folder  "ownCloud" :  "Error"
    01-30 08:02:35:451 *  "ownCloud" Poll timer enabled with  28312 milliseconds
    01-30 08:02:35:451 <===================================== sync finished for  "ownCloud"
    01-30 08:02:35:451 FolderWatcher::changeDetected when eventsEnabled() -> ignore
    01-30 08:02:35:653 XX slotScheduleFolderSync: folderQueue size:  0
    01-30 08:02:37:463     * event notification  enabled 

[landure]

Hi,

this is perhaps more of a Apache setup problem. Try use this for allowed ssl protocols:

SSLProtocol all -SSLv2 -TLSv1

see:

http://www.svnforum.org/threads/37328-SSL-error-when-doing-a-large-commit
http://serverfault.com/questions/44470/ssl-error-parse-tlsext-on-large-commit-to-svn-via-apache-gentoo

[ranger81]

I already tried this workaround but it didn't solve the issue .
I'm unsure if this issue is really related to my Apache setup because previous sync client 1.1.4 is working properly without error messages.

[landure]

did you apply it on all your ssl virtual host ? it must be consistant across all virtual host, since SSL is initialized by the first virtualhost in apache config.

[ranger81]

yes it was across all hosts. I got a different error message within sync client.
But even if this would work, I'm not happy with this "disable TLS" workaround, because it's not a final solution to disable TLS globally on all apache virt. hosts just for the new sync client version to work. In my opinion something is wrong with the new 1.2.0 version. 1.1.4 works with exactly the same apache settings and TLS enabled.

[danimo]

This is probably a bug in the openssl version we are shipping. 1.1.4 was using GnuTLS, but that had other limitations. We are trying to get a more recent version in.

[nexenator]

Just a bump as we are experiencing the same problem with 4.5.6 (apache/ubuntu) and 1.2.0 (windows7/8). Is there any timetable available as to when the new client/fixed openssl version will be available?

[danimo]

@nexenator: We are working on shipping a package with a newer version of OpenSSL.

[Captain-Rage]

Same problem here. Server is running OwnCloud 4.5.6 on Arch Linux Arm and the clients are running OwnCloud sync client 1.2.0 on an Arch Linux system as well as Windows 7 64 bit (the latter is the one that's having the issues).
However, when I first upgraded the sync client on the Windows system it was actually working, but then I must have done something and now I can't seem to revert it into a working state. Too bad I didn't save the working configuration files (that is, if it's the configuration files that are causing the problem, which I'm not sure about).

[jcarnus]

I have the same error just for one of my folder to synchronize. For 2 others, no problems :) Before this problems, I've got some conflict with this folders :)

[danimo]

Please test with the latest builds from http://download.owncloud.com/download/nightly/. Those should fix the problem.

[Captain-Rage]

Just tried owncloud-1.2.1pre-nightly20130211-setup.exe, and... it is working! Excellent!

[danimo]

Awesome, closing then.

[dragotin]

\o/

[isapiyan]

This seems to be still happening on Mac client both on my own build as well as the nightly build. I tried with ownCloud-1.2.1-nightly20130228.dmg

[pmichard]

same for me on mac. Tested with ownCloud-1.2.1-nightly20130304.dmg

Edit: Solved by editing ServerName in /etc/apache2/sites-enabled/defaut-ssl

Edit 2: after updates and restarts the default-ssl file is resetted, so this is not a solution. I have to edit it each time.

Edit 3: Finally!! It seems to be solved with the new nightly (ownCloud-1.2.2-nightly20130320.dmg)

Thanks to the Devs!!

[isapiyan]

@snoopy159 I tried this 29th nightly build. Still the same. Do you mind contacting me via email (your profile has no email) so I could ask you a few questions (isapiyan at hotmail.com).

The log file indicates:

03-29 15:04:51:749 Returning configured owncloud url: "https://myserver.com:8384/"
03-29 15:04:51:749 Setting up host header: "myserver.com"
03-29 15:04:51:750 Setting config handle "032913150451"
03-29 15:04:53:046 ownCloudInfo Network Error: 6
03-29 15:04:53:046 status.php returns: "" 6 Reply: QNetworkReplyImpl(0x1015f9470)
03-29 15:04:53:046 No proper answer on "https://myserver.com:8384/status.php"

Windows sync client (as well as Android and iOS) are fine.

Another thing, if I key in the server's IP then it works fine.

[isapiyan]

False alarm. The problem was on the Apache side. Fixed by setting the servername correctly.