Bug#718265: gvfs-backends: fails to mount secure WebDAV: SSL Handshake failed. server supports ECDH only.

Sebastian Birkl siriuz88 at gmail.com
Mon Jul 29 13:30:23 UTC 2013 

Package: gvfs-backends
Version: 1.16.3-1
Severity: important

Dear Maintainer,
i tried to mount a secure WebDAV share with GVFS (gvfs-mount and Xfce) and it fails with Error mounting location: HTTP Error: SSL handshake failed.
The server supports ECDH ciphers only and the CA is imported into the system located at /usr/local/share/ca-certificates.
Server CA is located at http://reb00t.wtf.im/reb00t.crt
WebDAV at https://reb00t.wtf.im/remote.php/webdav/

Wget is also telling me that something is wrong. (dont worry about the ip address, just a LAN workaround for a not working nat reflection)
~ $ wget https://reb00t.wtf.im
--2013-07-29 15:26:43--  https://reb00t.wtf.im/
Resolving reb00t.wtf.im (reb00t.wtf.im)... 192.168.2.254
Connecting to reb00t.wtf.im (reb00t.wtf.im)|192.168.2.254|:443... connected.
GnuTLS: A TLS fatal alert has been received.
Unable to establish SSL connection.

nginx config:
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:!MEDIUM:!LOW:!RC4:!aNULL:!MD5:!kEDH;

Iceweasel / Icedove and Android can connect without a problem.
And i am not planning to enable other ciphers.

If i am doing something wrong, please tell me.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gvfs-backends depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.16.1-1
ii  gvfs                                         1.16.3-1
ii  gvfs-common                                  1.16.3-1
ii  gvfs-daemons                                 1.16.3-1
ii  gvfs-libs                                    1.16.3-1
ii  libarchive13                                 3.1.2-7
ii  libavahi-client3                             0.6.31-2
ii  libavahi-common3                             0.6.31-2
ii  libavahi-glib1                               0.6.31-2
ii  libbluetooth3                                4.101-2
ii  libc6                                        2.17-7
ii  libcdio-cdda1                                0.83-4
ii  libcdio-paranoia1                            0.83-4
ii  libcdio13                                    0.83-4
ii  libdbus-1-3                                  1.6.12-1
ii  libdbus-glib-1-2                             0.100.2-1
ii  libexpat1                                    2.1.0-4
ii  libgcrypt11                                  1.5.2-3
ii  libglib2.0-0                                 2.36.3-3
ii  libgoa-1.0-0                                 3.8.2-1
ii  libgphoto2-2                                 2.4.14-2.1
ii  libgphoto2-port0                             2.4.14-2.1
ii  libgtk-3-0                                   3.8.2-3
ii  libgudev-1.0-0                               175-7.2
ii  libimobiledevice2                            1.1.1-4
ii  libmtp9                                      1.1.6-2
ii  libplist1                                    1.8-1
ii  libsmbclient                                 2:3.6.16-2
ii  libsoup-gnome2.4-1                           2.42.2-6
ii  libsoup2.4-1                                 2.42.2-6
ii  libxml2                                      2.9.1+dfsg1-2
ii  psmisc                                       22.20-1

Versions of packages gvfs-backends recommends:
ii  gnome-keyring  3.8.2-2

Versions of packages gvfs-backends suggests:
pn  obex-data-server  <none>
ii  samba-common      2:3.6.16-2

-- no debconf information

More information about the pkg-gnome-maintainers mailing list