Nextcloud CalDAV calendars through HTTPS do not work with TB 91
Categories
(Calendar :: Provider: CalDAV, defect)
Tracking
(Not tracked)
People
(Reporter: gwylohm, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Steps to reproduce:
Add Nextcloud CalDAV calendars via HTTPS
Detail : https://support.mozilla.org/fr/questions/1355699
Actual results:
Error message which says that the login credentials are not accepted
But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars
Expected results:
Connect to Nextcloud calendars through HTTPS and show the list of existing calendars
Comment 1•3 years ago
•
|
||
But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars
So there's some certificate issue on the nextcloud server?
(In reply to Magnus Melin [:mkmelin] from comment #1)
But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars
So there's some certificate issue on the nextcloud server?
Hi,
Maybe, but with TB 78 on another computer, it works perfectly through HTTPS.
On another hand, I just tried with a Nextcloud on a VPS and it worked through HTTPS.
The problematic Nextcloud is installed on a shared server, but I didn't change anything about the certificate.
Comment 3•3 years ago
|
||
I think you'll have to track down what is wrong with the certificate.
Nothing major changed (AFAIR), but minor changes could cause such things. Like if the domain in the meanwhile got added to the lists of sites that have pinned certificates (HSTS). xref bug 1429644
Maybe you can check if SSL is working ok by using some of the methods listed here: https://devanswers.co/test-server-tls-1-2-ubuntu/
(if you don't have linux, there are some links to websites that test TLS/SSL at the end)
Thanks rapettif.
I checked on ssllabs.com and it says that my server has a overall rating B, due to the support of TLS 1.0 and 1.1.
When I compare the working Nextcloud server and the dysfunctional one on ssllabs.com, this is what I can see:
- TLS 1.0 and 1.1 are supported on the dysfunctional server but no on the working one
- TLS 1.3 is supported on both
- SSL 2 and SSL 3 are not supported on both
- There is no DNS CAA for the dysfunctional one
- Both have no SNI
- The dysfonctional one obtains "no" to Session resumption (caching).
So, is support of TLS 1.0 and 1.1 the problem ?
It seems odd to me that a client would reject a server, if the server supports TLS 1.3, even if it also accepts TLS 1.0. But you could try disabling TLS 1.0 and 1.1 and see what happens.
Unfortunately, I can't disable TLS 1.0 and 1.1 on my shared server to see what happens.
Comment 8•1 year ago
|
||
Reporter,
Does this issue still fail for you when using version 102?
If it does, please comment with current steps to reproduce.
Resolved per whiteboard
Description
•