Enpass Discussion Forum

WebDav sync not working


etroska

Hello,

I use Enpass version 6.7.4 (933), and as the WebDAV share I use Nextcloud version 23.0.0.

The problem is that it is not possible to sync the shares. Enpass always said that I should check my username and my password.

So I debugged a bit and found out that the share is easy to mount with a Linux WebDAV client.

 

Now I dived deeper:

I checked the server side and found out that there are no requests from my Enpass client to my nginx reverse proxy (checked the access logs).

I started a sniffer on my client side and saw the following output:

[Attached image: image.png]

It looks like the client is not able to create a TLS connection.

Maybe the ciphers are too strong?

 

The log files in Enpass are a bit confusing:

Info: [HTTP]  CURLSSLOPT_NO_REVOKE
Info: [HTTP]  Using AUTO Proxy detection
Info: [HttpClient] https://nextcloud.lasse-wackers.de/remote.php/dav/files/lasse/ curlresultcode: 35 responseheaders:
Info: [HTTP]  CURLE_SSL_CONNECT_ERROR try again
Info: [HTTP]  ****Unable to verify server certificate *****
Info: [HTTP]  CURLSSLOPT_NO_REVOKE
Info: [HTTP]  Using AUTO Proxy detection
Info: [HttpClient] https://nextcloud.lasse-wackers.de/remote.php/dav/files/lasse/ curlresultcode: 35 responseheaders:
Info: [HTTP]  CURLE_SSL_CONNECT_ERROR try again
Info: [HTTP]  ****Unable to verify server certificate *****
Info: [HTTP]  CURLSSLOPT_NO_REVOKE
Info: [HTTP]  Using AUTO Proxy detection
Info: [HttpClient] https://nextcloud.lasse-wackers.de/remote.php/dav/files/lasse/ curlresultcode: 35 responseheaders:
Info: [HTTP]  CURLE_SSL_CONNECT_ERROR try again
Info: [HTTP]  ****Unable to verify server certificate *****
Info: [HTTP]  CURLSSLOPT_NO_REVOKE
Info: [HTTP]  Using AUTO Proxy detection
Info: [HttpClient] https://nextcloud.lasse-wackers.de/remote.php/dav/files/lasse/ curlresultcode: 35 responseheaders:
Info: [HTTP]  CURLE_SSL_CONNECT_ERROR try again
Info: [HTTP]  ****Unable to verify server certificate *****

It is confusing because the certificate is valid, and the reason why the TLS connection cannot be established is not the certificate.

 

Is there anyone who has an idea?

Cheers, Etroska

 


Hi @etroska,

Welcome to the Enpass Community.

Thank you for sharing the details along with the logs. I have duly noted your feedback, and it has been forwarded to the concerned team for further investigation. To iron out this issue, please share the following details.

  1. On which device (along with the OS version) are you facing this issue?
  2. Share the demo account of Nextcloud (if possible) and share its login ID and password along with the URL.

Note: For security reasons either share the demo account details in the personal message on Forum or mail us at support@enpass.io (add your forum link and username so that we can identify you). 

#SI-2490


  • 2 weeks later...
  • 3 weeks later...

OK, I found the problem.
In short: Enpass is not able to communicate with TLS 1.3 WebDAV shares.

I thought that already, and I changed the virtual host in my nginx configuration to TLS 1.2. After that, the WebDAV share was still not able to connect.

Now we come to the part that I don't know yet:

I had two configuration files in my nginx reverse proxy:

[root@server ~]# ls -1 /etc/nginx/conf.d/
01-website.conf
02-nextcloud.conf

In the 01-website.conf file, I set the TLS setting to TLSv1.3:

ssl_protocols TLSv1.3;

In the 02-nextcloud.conf file, which is responsible for my nextcloud instance, I set version 1.3 and 1.2:

ssl_protocols TLSv1.3 TLSv1.2;

 

Now I thought that the virtual server for Nextcloud is able to communicate with TLSv1.3 and TLSv1.2. But this is unfortunately wrong.

Nginx takes the first configuration file, in my case 01-website.conf, and enables only TLSv1.3. All other methods are disabled now for all virtual hosts.

I thought that Server Name Indication ensured that nginx will offer the settings (TLS 1.2) from my 02-nextcloud.conf. But I think that Server Name Indication will take effect after the first TLS connection. So the only available TLS version is TLSv1.3.

 

What I did:

I created a new file 00-defaults.conf and enabled TLSv1.2 and TLSv1.3.

In 01-website.conf I enabled only TLSv1.3.

In 02-nextcloud.conf I enabled TLSv1.2 and TLSv1.3.

Now I was able to connect via TLSv1.2 to the Nextcloud virtual host, and the WebDAV sync worked.

 

Cheers, Etroska

 

  • Like 1
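
Added example (not part of the posts above, and not Enpass or nginx code): a small lint that models the behaviour described in the last post, where the ssl_protocols of the default server for a listen address (the first server block in include order, unless one is marked default_server) decides what every virtual host on that address offers. The listen and server_name values and the contents of 00-defaults.conf are assumptions, since the post does not show them; http-level inheritance is not modelled.

```python
import re

def server_blocks(text):
    """Yield the body of each `server { ... }` block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def args_of(body, name):
    """Return the argument lists of every `name ...;` directive in a block."""
    return [a.split() for a in re.findall(r"(?<![\w-])%s\s+([^;{}]+);" % name, body)]

def audit(conf_files):
    """Return ({listen addr: protocols offered}, [(file, server_name, unreachable)])."""
    servers = []
    for fname in sorted(conf_files):            # conf.d/*.conf is included in sorted order
        for body in server_blocks(conf_files[fname]):
            protos = {p for a in args_of(body, "ssl_protocols") for p in a}
            name = " ".join(sum(args_of(body, "server_name"), []))
            for a in args_of(body, "listen"):
                servers.append((a[0], "default_server" in a, fname, name, protos))
    default = {}
    for s in servers:                           # first server per address is the default...
        default.setdefault(s[0], s)
    for s in servers:                           # ...unless one is marked default_server
        if s[1]:
            default[s[0]] = s
    offered = {addr: sorted(d[4]) for addr, d in default.items()}
    findings = [(s[2], s[3], sorted(s[4] - default[s[0]][4]))
                for s in servers if default[s[0]][4] and s[4] - default[s[0]][4]]
    return offered, findings

# Constructed sample: file names and ssl_protocols values follow the post;
# listen/server_name values and the body of 00-defaults.conf are assumptions.
BEFORE = {
    "01-website.conf": "server { listen 443 ssl; server_name www.example.test;"
                       " ssl_protocols TLSv1.3; location / { return 204; } }",
    "02-nextcloud.conf": "server { listen 443 ssl; server_name cloud.example.test;"
                         " ssl_protocols TLSv1.3 TLSv1.2; }",
}
AFTER = {**BEFORE, "00-defaults.conf": "server { listen 443 ssl default_server;"
         " server_name _; ssl_protocols TLSv1.2 TLSv1.3; return 444; }"}

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, *audit(conf))
```

For the "before" layout the lint reports TLSv1.2 on the Nextcloud host as configured but not offered; for the "after" layout it reports nothing.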