Jens, if you're able to work around this issue in CBL, that would be great! I'm able to get things working on my development machine by limiting nginx to TLSv1, but there are a lot of SSLv3 handshake messages in my error log. I'm guessing that maybe the connecting infrastructure for some clients forces SSLv3? If not SSLv3, I would certainly like to be able to enable TLSv1.1 and TLSv1.2. Is there anything you could do to make this possible?

On Thursday, 2 October 2014 at 23:21:40 UTC+2, Jens Alfke wrote:

> On Oct 2, 2014, at 10:25 AM, David Quon <[email protected]> wrote:
>
> This was fixed on the server side by hardcoding to always use TLS v1 which is supported by iOS 8. We tried all different combinations of TLS v1.1 and v1.2 but the only one that wouldn't cause the problem above was always using TLS v1. This is not an ideal fix but it worked for us. If anyone else finds a more graceful solution please post.
>
> Here's a couple of links that led us to the "solution":
>
> https://github.com/AFNetworking/AFNetworking/issues/2314#issuecomment-56664366
>
> http://stackoverflow.com/questions/25914248/ios-8-has-broken-ssl-connection-in-my-app-cfnetwork-sslhandshake-failed-9806
>
> These look like different issues — the first thread is about a bug in keep-alive connection handling, while the second is about SSL handshakes. How do these relate?
>
> Jens as usual you were correct in this failure being a lower level problem. :+1:
>
> I've found it's usually a good tactic to blame bugs on something else ;-) But seriously, there might be wiggle room here to work around this in CBL. From the descriptions on stackoverflow, it sounds like this has to do with certificate checking, not the mechanics of the handshake protocol. We might be able to change how we check the server cert.
>
> Do you have any easy steps to reproduce this? We haven't run into it here, but I don't know if we've actually tested SSL connections on an iOS 8 device. Is your SSL server just Sync Gateway itself, or do you have a proxy/gateway doing it?
>
> —Jens
