Rocketchat android – SSL handshake failure

chymian · August 25, 2020, 5:13am

Hello,
The android App does not connect to RocketChat@UCS.

rocketchat is installed on UCS 4.4. which is connected to the internet via a HA-Proxy.
it does work for WEB & desktop-app*) access but not for android.
The HA-Proxy uses an UCS-Cert, which is issued for its DNS-name. (works also with nextcloud & Portal).
The CA-Root is imported on the phone.

The android App does not connect, throwing an error-msg, that the URL would not be correct. (In german: Hoppla!, Die eingegeben URL ist ungültig…) - not telling the real pbl.

in the HA-Proxy logs:

Aug 25 06:52:45 hostname haproxy[196]: 103.1.30.36:2357 [25/Aug/2020:06:52:45.132] https-in/1: SSL handshake failure
Aug 25 06:52:46 hostname haproxy[196]: 103.1.30.36:2358 [25/Aug/2020:06:52:45.754] https-in/1: SSL handshake failure
Aug 25 06:52:46 hostname haproxy[196]: 103.1.30.36:2359 [25/Aug/2020:06:52:46.325] https-in/1: SSL handshake failure

As far as i know, latest since android app-version 4.7 self-signed Certs should work?

Versions:

Server: UCS 4.4
Rocket.Chat Version: 3.0.2
NodeJS Version: 12.14.0 - x64
MongoDB Version: 4.0.3

Mobile:
rocketChat: 4.10.0.2135

any hints on that?

on a site note:
*) the desktop app did only find the server with a trailing / at the end of the URL:
https://host.domain.com/rocketchat/
without it, there had been 404 errors form the UCS apache-proxy …

TIA
guenter

chymian · August 28, 2020, 4:32am

bump
what are your experiences wit this kind of setup?

gulden · August 28, 2020, 8:08am

Hello @chymian,

I’m not sure, if it relates to your topic. I just setup a test instance with Rocket.Chat 3.5.3 that has been released to the App Center this week, and I came across the notification:

Notice
Be sure to register your server before July 31, 2020 to keep your mobile notifications flowing.

It links to this posting: https://forums.rocket.chat/t/enforcing-registration-requirement-to-utilize-push-gateway/7545

Maybe it helps.

Best regards,
Nico

chymian · August 29, 2020, 4:53am

@gulden
thanks nico that you take the time to answer
but that is about to register a server with rocket.chat to be able to receive push messages in future.

the pbl. my customer is facing, is that the mobile-app does not work with a UCS-certificate.

greetings
guenter

sing.li · September 16, 2020, 11:38am

hi @chymian

The HA-Proxy uses an UCS-Cert, which is issued for its DNS-name. (works also with nextcloud & Portal).

Does it work on that same android phone with nextcloud Android?

is issued for its DNS-name

What is the actual DNS-name used ?