Also nginx proxied couchDB over here. Changing the protocols in the nginx 
config to TLSv1 only (removing v1.1, 1.2 and SSLv3) solved this for me. 
Thanks, would never have guessed this myself!

On Friday, October 3, 2014 02:52:57 UTC+2, David Quon wrote:
>
> You're correct, Jens, those links don't directly have anything to do with 
> the problem we were facing.  I wasn't sure if I should have posted them but 
> they were the clues we needed to find a temporary workaround to the problem.
>
> This would be great to find a solution in CBL if possible.  Unfortunately 
> I don't have an easy way to reproduce the problem although I can describe 
> our setup.
>
> Initially when we encountered this problem we were using CBL to talk 
> directly to CouchDB.  Our certificate is from GoDaddy and they use an 
> intermediate certificate to sign our certificate.  CouchDB unfortunately 
> doesn't yet support these chained certificates.  In order to handle the 
> certificate chaining properly we have an Nginx proxy in front of CouchDB. 
> Nginx handles the certificate chaining fine as we have no problems 
> communicating to our CouchDB server in a browser or terminal.
>
> Let me know if any other information would be helpful.  Thanks for your 
> help as always Jens.
>
> On Thursday, October 2, 2014 2:21:40 PM UTC-7, Jens Alfke wrote:
>>
>>
>> On Oct 2, 2014, at 10:25 AM, David Quon <[email protected]> wrote:
>>
>> This was fixed on the server side by hardcoding to always use TLS v1 
>> which is supported by iOS 8.  We tried all different combinations of TLS 
>> v1.1 and v1.2 but the only one that wouldn't cause the problem above was 
>> always using TLS v1.  This is not an ideal fix but it worked for us.  If 
>> anyone else finds a more graceful solution please post.
>>
>> Here's a couple of links that led us to the "solution":
>>
>> https://github.com/AFNetworking/AFNetworking/issues/2314#issuecomment-56664366
>>
>> http://stackoverflow.com/questions/25914248/ios-8-has-broken-ssl-connection-in-my-app-cfnetwork-sslhandshake-failed-9806
>>
>>
>> These look like different issues — the first thread is about a bug in 
>> keep-alive connection handling, while the second is about SSL handshakes. 
>> How do these relate?
>>
>> Jens as usual you were correct in this failure being a lower level 
>> problem.  :+1:
>>
>>
>> I've found it's usually a good tactic to blame bugs on something else ;-) 
>> But seriously, there might be wiggle room here to work around this in CBL. 
>> From the descriptions on stackoverflow, it sounds like this has to do with 
>> certificate checking, not the mechanics of the handshake protocol. We might 
>> be able to change how we check the server cert.
>>
>> Do you have any easy steps to reproduce this? We haven't run into it 
>> here, but I don't know if we've actually tested SSL connections on an iOS 8 
>> device. Is your SSL server just Sync Gateway itself, or do you have a 
>> proxy/gateway doing it?
>>
>> —Jens
>>
>
