Are you running Android V7?
Hi, we have done more tests and can reproduce it, however we can’t reproduce it with sites we host, we suspect something wrong in your configuration (probably SSL configuration). We are at our annual meeting for the next week, and I wanted to give you the latest info we have on the subject.
Thanks so much for looking into this Joffrey! That’s good news. Harm is the technical person so he will have to look at the installation. Anything in particular he should check out?
I’d start by comparing the test results of your domain and
try.discourse.org at SSL Labs.
Oh, and I’d definitely fix the issue with your certificate chain. You’ll find a warning in the test results…
I’ve fixed the chain issue (removed the CA root from ssl.crt) but the app still doesn’t work on a Samsung Phone with Android 7.x.
The problem can only be reproduced on Samsung phones with Android 7.x. On other Android devices everything works fine.
The problem is solved. After looking at the SSLLabs results again i noticed a difference between the Android 7.0 handhake. Our site gave ECDH secp384r1 while your site gave ECDH secp256r1. After some googling i landed on the following site:
So there seems to be a bug in Android 7.0. I now changed the line “ssl_ecdh_curve secp384r1” to “ssl_ecdh_curve prime256v1” in “web.ssl.template.yml” and after a rebuild the app started working.
Requirements to run the Android App
I read some things about samsung needing older ciphers but it was for older phones. Glad you sorted it out!
Wow excellent sleuthing! Sure glad that someone created Stack Overflow so we could use it to figure this out
Thanks everybody for your time and energy!
This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.