after upgrading to Habdroid 2.0 I could not connect to my own cloud-instance.
I get the error message “SSL Handshake failed - maybe you need a valid client certificate”
I tried to activate/deactivate the two options to ignore certificate and hostname, but this doesn’t make any difference.
I also generated client-certificates and configured the nginx to verify the client-certificates, but there is still the error.
When I connect through chrome from the android phone I see, that the certificate is verified and I can connect to the website, so the certificates are ok.
What am I doing wrong?
nobody has an idea?
Could anybody help, please?
I have a similar issue. I have my own (on-prem) openHAB deployment. I have set up Apache to act as a reverse proxy, and do basic auth and SSL client cert auth (using a certificate from a non-public CA) at the same time. It all works fine from a browser.
But when I try to set the openHAB Android app to go through Apache, it just throws me this “SSL Handshake failed - maybe you need a valid client certificate” error message. The CA root certificate is trusted by the phone, obviously. If I set the Android app to “Ignore certificate”, it just tries to reconnect and reconnect and reconnect and…
Meanwhile, in the Apache error log, it says:
SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request – speaking HTTP to HTTPS port!?
Which actually sounds fair, after looking at the network traffic using TCPdump. It looks like as if the Android app tried to initiate a connection using SSL, but after a couple of packets, it switched over to HTTP and issued “GET /rest/sitemaps/_default/_default HTTP/1.1”
If, on Apache, I only leave SSL enabled, and turn off both Basic auth and Certificate auth, the app can connect just fine. If I turn on either of the authentication options on, it fails.
Does anyone have any idea what’s happening here, or how I could debug the traffic from the phone side?
I found my error:
In the nginx configuration I ha ciphers enabled, which produced the error.
(A test with ssl-labs of the site shows only B as result)
After setting the ciphers like mentioned in the openhab-documentation ssl-labs shows A+ and habdroid can connect to the myOpenHab cloud.
Could you share your cipher config/list?
Finally found in the OpenHAB config:
In case anyone is interested, I have also found a solution, or rather a workaround for my problem. I can’t figure out for the life of me why, but SSL and authentication doesn’t work for me with Habdroid and Apache. I set up Nginx instead of Apache, and now everything’s fine and dandy.