Tonido Android app vs Let's Encrypt certificate vs SSL v3 error

Posted: Tue Jul 17, 2018 3:52 am
by jules13

I've been using Tonido in the following setup for about 3 years now:
- Windows 10 Pro machine
- Tonido Pro running as a Windows service
- HTTPS enabled
- Clients: Android app and web browser

Recently, after renewing the certificate, which also coincided with a Windows update, I could no longer access the Tonido server from any Android device through the app. From a web browser it was OK.
The error on the client app was "Failed to contact server".
The error in the Tonido log was: sslv3 error - certificate unknown.

I'm writing here my fix, maybe it will help others.
I am not sure of the exact cause (Windows update, or something changed at the CA level of the SSL certificate).
Anyway, this is what I did:
1. Enabled SSLv3 in the Windows registry (this is easy to find on Google). I figured that the default secure protocol on Win 10 is now TLSv1.2. Since Tonido server has unfortunately not received an update in a long time, I'm thinking it's stuck on SSLv3; maybe Madhan can confirm.
2. In the serverca.pem file in the Tonido install folder I found the list of CA certificates. It has a disclaimer stating that it is built from the Mozilla list, but it was quite old. I added the root CA and backup certificates of Let's Encrypt (they are available on their site).

These 2 fixes resolved my issue, but I don't know if only one of them would have been enough.
It was strange because previous Let's Encrypt certificates worked fine.
Anyway, hope it helps.
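
One way to carry out step 2 without duplicating entries, as an added example (not part of the original post and not Tonido code): certificates are compared by the SHA-256 fingerprint of their DER bytes, so differences in line wrapping or CRLF line endings do not matter. The function names are illustrative, and the sample PEM blocks are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Return {sha256 hex fingerprint: DER bytes} for each certificate block."""
    certs = {}
    for m in PEM_RE.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        certs[hashlib.sha256(der).hexdigest()] = der
    return certs

def to_pem(der):
    """Wrap DER bytes as a PEM certificate block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) +
            "\n-----END CERTIFICATE-----\n")

def merge_missing(bundle_text, extra_text):
    """Append certificates from extra_text that the bundle does not contain.
    Returns (new bundle text, fingerprints that were added)."""
    have = pem_blocks(bundle_text)
    out = bundle_text if bundle_text.endswith("\n") else bundle_text + "\n"
    added = []
    for fp, der in pem_blocks(extra_text).items():
        if fp not in have:
            out += to_pem(der)
            have[fp] = der
            added.append(fp)
    return out, added

# Constructed stand-ins: arbitrary bytes wrapped as PEM, NOT real certificates.
OLD_ROOT = to_pem(b"constructed-old-root-" * 40)
NEW_ROOT = to_pem(b"constructed-new-root-" * 40)
BACKUP_ROOT = to_pem(b"constructed-backup-root-" * 40)
BUNDLE = "## constructed bundle header\n" + OLD_ROOT

if __name__ == "__main__":
    merged, added = merge_missing(BUNDLE, NEW_ROOT + BACKUP_ROOT + OLD_ROOT)
    print("added fingerprints:", added)
```

With real files, read serverca.pem and the downloaded CA certificates as text, write the merged result to a copy, and compare the printed fingerprints with the ones the CA publishes before replacing the original file.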