Closed Bug 1738951 Opened 3 years ago Closed 1 year ago

Nextcloud CalDAV calendars through HTTPS do not work with TB 91

Categories

(Calendar :: Provider: CalDAV, defect)

Product:
Calendar
Component:
Provider: CalDAV
Version:
Thunderbird 91
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: gwylohm, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Steps to reproduce:

Add Nextcloud CalDAV calendars via HTTPS
Detail : https://support.mozilla.org/fr/questions/1355699

Actual results:

Error message which says that the login credentials are not accepted
But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars

Expected results:

Connect to Nextcloud calendars through HTTPS and show the list of existing calendars

But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars

So there's some certificate issue on the nextcloud server?

Component: Untriaged → Provider: CalDAV
Product: Thunderbird → Calendar

(In reply to Magnus Melin [:mkmelin] from comment #1)

But when 'http: //' is used instead of 'https: //' , Thunderbird can finally connect to Nextcloud CalDAV calendars

So there's some certificate issue on the nextcloud server?

Hi,
Maybe, but with TB 78 on another computer, it works perfectly through HTTPS.
On another hand, I just tried with a Nextcloud on a VPS and it worked through HTTPS.
The problematic Nextcloud is installed on a shared server, but I didn't change anything about the certificate.

I think you'll have to track down what is wrong with the certificate.
Nothing major changed (AFAIR), but minor changes could cause such things. Like if the domain in the meanwhile got added to the lists of sites that have pinned certificates (HSTS). xref bug 1429644

Maybe you can check if SSL is working ok by using some of the methods listed here: https://devanswers.co/test-server-tls-1-2-ubuntu/
(if you don't have linux, there are some links to websites that test TLS/SSL at the end)

Thanks rapettif.
I checked on ssllabs.com and it says that my server has a overall rating B, due to the support of TLS 1.0 and 1.1.
When I compare the working Nextcloud server and the dysfunctional one on ssllabs.com, this is what I can see:

  • TLS 1.0 and 1.1 are supported on the dysfunctional server but no on the working one
  • TLS 1.3 is supported on both
  • SSL 2 and SSL 3 are not supported on both
  • There is no DNS CAA for the dysfunctional one
  • Both have no SNI
  • The dysfonctional one obtains "no" to Session resumption (caching).

So, is support of TLS 1.0 and 1.1 the problem ?

It seems odd to me that a client would reject a server, if the server supports TLS 1.3, even if it also accepts TLS 1.0. But you could try disabling TLS 1.0 and 1.1 and see what happens.

Unfortunately, I can't disable TLS 1.0 and 1.1 on my shared server to see what happens.

Reporter,
Does this issue still fail for you when using version 102?
If it does, please comment with current steps to reproduce.

Whiteboard: [closeme 2023-01-20]

Resolved per whiteboard

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2023-01-20]
You need to log in before you can comment on or make changes to this bug.