This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
I keep seeing people saying that "we don't really need newer android version, 4.2.2 is fine. There's nothing you can't do on it that you can't on a newer version."
Bullshit. If I want to connect an USB DAC because I think the sound quality could be better - that works out of the box since android 5.0, but only with a select few usb audio devices on anything before that.
Bu that's not the topic. The topic is security. I'd like to use the owncloud client on my fairphone. But unfortunately it tries to force SSLv3 and fails, because our server has SSLv3 disabled:
D/OwnCloudClient #11( 7315): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5e7b66a8: Failure in SSL library, usually a protocol error
D/OwnCloudClient #11( 7315): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x59baa890:0x00000000)
This is only a problem for android 4.0-4.3. If you look at the android bug report this also affects twitter and feedly and probably many more: https://code.google.com/p/android/issues/detail?id=78187
Our server also allows to connect with TLSv1.2. Can you guess what I'm about to say? TLSv1.2 is only fully supported in android 4.4 : https://github.com/owncloud/android/issues/362#issuecomment-71622802
As a result, no connection with the owncloud client to our server is possible in our current configuration, because the android version is too old.
The blog post said
While this situation is very frustrating for us at Fairphone as well as for many of our Fairphone owners, practically-speaking, we’re confident that this won’t impact the overall usefulness of our first Fairphones in the near future.
But seriously: Are issues like those not going to get worse and worse very quickly? If you enforce certain security best practices on the server side you today already run into problems that can even make it impossible to connect to these servers. What does "near future" mean?
Subreddit
Post Details
- Posted
- 9 years ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/fairphone/c...