Rocket.Chat.ReactNative icon indicating copy to clipboard operation
Rocket.Chat.ReactNative copied to clipboard
verified publisher icon RocketChat

[TLSv1.3] App stopped working on iOS and Android

Open leitmori opened this issue 5 years ago • 7 comments

Description:

Login does not work on iOS and Android. Logged-in users only see the "Waiting for network..." notice. No problems in desktop app or browser.

Environment Information:

  • Rocket.Chat Server Version: 3.10.5
  • Rocket.Chat App Version: 4.14.0
  • Device Name: iPhone 12 / Samsung SM-J530F
  • OS Version: iOS 14.4 / Android 9

Steps to reproduce:

  1. Enter workspace URL
  2. Enter credentials
  3. Press "Login"

Expected behavior:

User is now logged in and can chat.

Actual behavior:

Nothing happens.

Additional context:

Affects both SAML users and local users. SAML users see the login screen again after successful authentication. Debug log contains only server.js:204 API ➔ debug POST: /api/v1/login.

Access log: Screen Shot 2021-01-28 at 12 47 15

Nginx config (running under Plesk Obsidian):

location ~ ^/.* {
	proxy_pass http://127.0.0.1:3000;
	proxy_set_header Host             $host;
	proxy_set_header X-Real-IP        $remote_addr;
	proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Forward-Proto http;
	proxy_set_header X-Nginx-Proxy true;
	proxy_http_version 1.1;

	proxy_redirect off;
}

leitmori avatar Jan 28 '21 11:01 leitmori

Do you see the issue on https://open.rocket.chat?

diegolmello avatar Jan 28 '21 12:01 diegolmello

No, it works with https://open.rocket.chat

leitmori avatar Jan 28 '21 12:01 leitmori

Ok. Can you create a test user for me on your server and send the credentials to https://open.rocket.chat/direct/diego.mello? Then I can add it to next sprint. Thanks.

diegolmello avatar Jan 28 '21 12:01 diegolmello

I just looked into more log files of our server. Tonight Plesk Obsidian 18.0.33 was installed, updating the "TLS versions and ciphers by Mozilla" (https://statics.tls.security.mozilla.org/server-side-tls-conf-5.0.json). The "Modern" preset we selected (TLSv1.3) seems to break the app, no problems with the "Intermediate" preset.

leitmori avatar Jan 28 '21 12:01 leitmori

We will temporarily use the "Intermediate" preset with TLSv1.2 support.

leitmori avatar Jan 28 '21 14:01 leitmori

Same problems here... not even a login page showing on Smartphone/Android...

Environment Information: Rocket.Chat Server Version: 3.11.0 Rocket.Chat App Version: 4.14.0 Device Name: Google Pixel 5 OS Version: Android 11

Address: chat.mdc-ce.de

Enabling lower TLS did not help... not even 1.2 or 1.1

torygg avatar Feb 06 '21 12:02 torygg

We have the same symptoms. Logged in users see "Waiting for network..." and if you want to login nothing happens after pressing the login button.

I tried debugging with the iOS simulator, but couldn't get it working 1-2-3. I'm willing to debug it further but then I can use some assistance.

hugoboos avatar Jun 12 '22 15:06 hugoboos

Is this still actual? Have Setup new Rocket.Chat Server (5.2) with Apache Reverse Proxy and have big Problems with the Mobile Android App... Thanks.

Brudertac avatar Nov 10 '22 11:11 Brudertac

Yes. TLS 1.3 is an issue on mobile apps still. Apple still doesn't have support for it on Websockets, for example.

diegolmello avatar Nov 10 '22 12:11 diegolmello