My desktop (running kde-connect 1.0) and Android 6.0 devices cannot see my Android 4.4.4 device and my Android 4.4.4 device cannot see any devices on the network. However, Android 6.0 & the desktop can see each other. Clicking refresh makes no difference; switching wireless networks makes no difference. Both Android devices are running 1.4.1. On the desktop, I can clearly see the UDP broadcast from the Android 4.4.4 device, and it doesn't look much different from the packets sent by the Android 6.0 device. Running logcat on the Android 4.4.4 device produces the following output: I/KDE/LanLinkProvider( 2948): Broadcast identity package received from xxx@xxx I/KDE/LanLinkProvider( 2948): Starting SSL handshake with xxx@xxx trusted:false E/KDE/LanLinkProvider( 2948): Handshake failed with xxx@xxx W/System.err( 2948): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xxxxxxxxx: Failure in SSL library, usually a protocol error W/System.err( 2948): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (external/openssl/ssl/s3_srvr.c:1381 0xxxxxxxxx:0x00000000) W/System.err( 2948): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:449) W/System.err( 2948): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$4.run(LanLinkProvider.java:246) W/System.err( 2948): at java.lang.Thread.run(Thread.java:841) W/System.err( 2948): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xxxxxxxxx: Failure in SSL library, usually a protocol error W/System.err( 2948): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (external/openssl/ssl/s3_srvr.c:1381 0xxxxxxxxx:0x00000000) W/System.err( 2948): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) W/System.err( 2948): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406) W/System.err( 2948): ... 2 more My wild guess is that KDE Connect requires strong ciphers to avoid a downgrade attack, and my Android device is unfortunately too old to support the minimum. If I'm right, I see a few possible resolutions: 0) nothing to do (because my phone manufacturer omitted strong SSL ciphers -- I wouldn't put it past Motorola) 1) update minimum requirements for KDE Connect on Android 2) allow weaker ciphers (possibly with a big red warning during pairing) 3) fallback to RSA encryption Regardless, an error message for this issue would be helpful. Reproducible: Always Steps to Reproduce: 1. Connect Android 4.4.4 device to wireless network 2. Connect desktop to the same wireless network 3. Open KDE Connect on Android; hit refresh 4. Open KDE Connect Settings on desktop; hit refresh Actual Results: No device seen in list of connectable devices Expected Results: Desktop and Android 4.4.4 devices see each other and can be paired.
After downgrading the desktop client to 0.9, I was able to successfully pair the Android 4.4.4 device.
You might want to unpair the devices and pair them again with 1.0 to see if that fixes the problem. If it does not, it might be what you are saying: a compatible cipher mismatch. The version 0.9 used a different encryption mechanism, so that's likely the reason it works after downgrading.
With version 0.9 on Fedora 24 and 1.4.1 on Android 4.4.4, I did the following: 1. Opened KDE Connect on Android & desktop - Verified devices saw one another and were paired 2. Opened KDE Connect Settings on desktop and unpaired the Android device - KDE Connect system tray still had data about the Android, but seemed unresponsive - Android app had a button to "Request Pairing" 3. Rebooted desktop 4. Opened "Recents" on Android and swiped away KDE Connect; restarted KDE Connect - Verifed devices see one another, but are not paired 5. Updated desktop to kde-connect 1.0-1.f24.x86_64 6. Rebooted desktop 7. Opened KDE Connect Settings on desktop and KDE Connect on Android - Noticed that neither device sees the other 8. Connect phone to desktop; run 'adb logcat' 9. Hit refresh on KDE Connect app on Android (see results below) E/KDE/LanLinkProvider( 2948): Handshake failed with xxx@xxx W/System.err( 2948): javax.net.ssl.SSLException: Connection closed by peer W/System.err( 2948): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) W/System.err( 2948): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:406) W/System.err( 2948): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$4.run(LanLinkProvider.java:246) W/System.err( 2948): at java.lang.Thread.run(Thread.java:841) Please let me know if you have a specific test you'd like me to run.
I have seen something that seems similar to this. I am using Fedora 24 (which just received the 1.0 update). Upon upgrading I could no longer see my Sony Z2 which is running 4.4.4. Downgrading to 0.9 fixes it for me.
Maybe we can add a wider variety of allowed ciphers... We decided on a specific set of ciphers precisely to make sure it would work on as much devices as possible, but with so many Android phones out there it is easy some might not support any of them. It is hard to debug though. Do you guys know how to compile the Android and desktop apps from sources? This way maybe you can test different ciphers yourselves.
I enabled usb debugging and checked the logcat as well : I/KDE/LanLinkProvider( 1804): Starting SSL handshake with rnc@atlantis trusted:false E/KDE/LanLinkProvider( 1804): Handshake failed with rnc@atlantis W/System.err( 1804): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x71796540: Failure in SSL library, usually a protocol error W/System.err( 1804): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (external/openssl/ssl/s3_srvr.c:1381 0x72935d74:0x00000000) W/System.err( 1804): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448) W/System.err( 1804): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$4.run(LanLinkProvider.java:246) W/System.err( 1804): at java.lang.Thread.run(Thread.java:841) W/System.err( 1804): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x71796540: Failure in SSL library, usually a protocol error W/System.err( 1804): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (external/openssl/ssl/s3_srvr.c:1381 0x72935d74:0x00000000) W/System.err( 1804): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) W/System.err( 1804): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405) W/System.err( 1804): ... 2 more E/KDE/sendPackage( 1804): No device link (of 0 available) could send the package. Package kdeconnect.pair to rnc@atlantis lost! W/System.err( 1804): java.lang.Throwable W/System.err( 1804): at org.kde.kdeconnect.Device.sendPackage(Device.java:629) W/System.err( 1804): at org.kde.kdeconnect.Device.sendPackage(Device.java:605) W/System.err( 1804): at org.kde.kdeconnect.Backends.LanBackend.LanPairingHandler.unpair(LanPairingHandler.java:237) W/System.err( 1804): at org.kde.kdeconnect.Device.unpair(Device.java:270) W/System.err( 1804): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$4$1.onServiceStart(LanLinkProvider.java:255) W/System.err( 1804): at org.kde.kdeconnect.BackgroundService.onStartCommand(BackgroundService.java:305) W/System.err( 1804): at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:2750) W/System.err( 1804): at android.app.ActivityThread.access$2100(ActivityThread.java:144) W/System.err( 1804): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1343) W/System.err( 1804): at android.os.Handler.dispatchMessage(Handler.java:102) W/System.err( 1804): at android.os.Looper.loop(Looper.java:212) W/System.err( 1804): at android.app.ActivityThread.main(ActivityThread.java:5137) W/System.err( 1804): at java.lang.reflect.Method.invokeNative(Native Method) W/System.err( 1804): at java.lang.reflect.Method.invoke(Method.java:515) W/System.err( 1804): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:902) W/System.err( 1804): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:718) W/System.err( 1804): at dalvik.system.NativeStart.main(Native Method) While I haven't compiled up anything on KDE locally of late, or tried uploading a custom package to the phone I'd be happy to give it a go with some guidelines. From what I can see of the code it adds the following ciphers + // Setting supported ciphers manually + // Top 3 ciphers are for new Android devices, botton two are for old Android devices + // FIXME : These cipher suites should be checked whether they are supported or not on device + QList<QSslCipher> socketCiphers; + socketCiphers.append(QSslCipher("ECDHE-ECDSA-AES256-GCM-SHA384")); + socketCiphers.append(QSslCipher("ECDHE-ECDSA-AES128-GCM-SHA256")); + socketCiphers.append(QSslCipher("ECDHE-RSA-AES128-SHA")); + socketCiphers.append(QSslCipher("RC4-SHA")); + socketCiphers.append(QSslCipher("RC4-MD5")); + Is there a way of enabling (more) debug to see what cipher(s) the desktop and android apps are attempting to use?
Would Google Chrome only use the ciphers available on the system? If so, this could be useful: https://www.ssllabs.com/ssltest/viewMyClient.html. According to it, my phone's browser has TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, which look like they're on the list. I am familiar with desktop compilation. I've never built an Android app; I can give it a shot though.
Sifting through the Android code, it looks like the modern ciphers are only available for Lollipop or better: if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) { supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); supportedCiphers.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); } else { // Following ciphers are for and due to old devices supportedCiphers.add("SSL_RSA_WITH_RC4_128_SHA"); supportedCiphers.add("SSL_RSA_WITH_RC4_128_MD5"); } Perhaps the TLS ciphers should always be available and the SSL ciphers are only added when less than Lollipop.
I removed the check for Lollipop as you suggested and uploaded a version to the KDE Connect beta channel in the Play Store. Can you test it and see if it works? If you are not in the beta channel, you can join here: https://play.google.com/apps/testing/org.kde.kdeconnect_tp Google Chrome might bring its own ciphers, but I'm not sure about that.
I have tried the beta without success. Unfortunately I don't have a USB lead with me so I cannot give you the logcat information. Would it be useful to add further debugging information?
I'm now uploading a version which will print all the available ciphers when there is an "SSL3_GET_CLIENT_HELLO:no shared cipher" error. When you find a USB cable, can you paste here the new output from logcat? It would be awesome if you can find out which ones are shared between Android and your desktop, and see if enabling them in both sides fixes it.
Ah, I see why the modern ciphers were in an if block: I/KDE/LanLinkProvider( 2956): Identity package received from a TCP connection from xxx@xxx I/KDE/LanLinkProvider( 2956): Starting SSL handshake with xxx@xxx trusted:false ... W/System.err( 2956): java.lang.IllegalArgumentException: cipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is not supported. W/System.err( 2956): at com.android.org.conscrypt.NativeCrypto.checkEnabledCipherSuites(NativeCrypto.java:984) W/System.err( 2956): at com.android.org.conscrypt.OpenSSLSocketImpl.setEnabledCipherSuites(OpenSSLSocketImpl.java:795) W/System.err( 2956): at org.kde.kdeconnect.Helpers.SecurityHelpers.SslHelper.configureSslSocket(SslHelper.java:216) W/System.err( 2956): at org.kde.kdeconnect.Helpers.SecurityHelpers.SslHelper.convertToSslSocket(SslHelper.java:234) W/System.err( 2956): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider.identityPackageReceived(LanLinkProvider.java:217) W/System.err( 2956): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider.tcpPackageReceived(LanLinkProvider.java:111) W/System.err( 2956): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$6.run(LanLinkProvider.java:340) W/System.err( 2956): at java.lang.Thread.run(Thread.java:841) I/KdeConnect( 2956): Connection state changed, trying to connect Notably, there is always a few lines between the I/KDE/LanLinkProvider and W/System.err lines, suggesting that it takes more time. Looks like I'm learning how to build Android apps tomorrow.
I recommend you use Android Studio. Ask me if you need any help.
Added back the "if Lollipop" to the beta version in the Play Store.
With the 'if' check added back I get I/KDE/LanLinkProvider(16094): Identity package received from a TCP connection from rnc@atlantis I/KDE/LanLinkProvider(16094): Starting SSL handshake with rnc@atlantis trusted:false I/KDE/LanLinkProvider(16094): Identity package received from a TCP connection from rnc@atlantis I/KDE/LanLinkProvider(16094): Starting SSL handshake with rnc@atlantis trusted:false E/KDE/LanLinkProvider(16094): Handshake failed with rnc@atlantis W/System.err(16094): javax.net.ssl.SSLException: Connection closed by peer W/System.err(16094): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) W/System.err(16094): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405) W/System.err(16094): at org.kde.kdeconnect.Backends.LanBackend.LanLinkProvider$4.run(LanLinkProvider.java:246) W/System.err(16094): at java.lang.Thread.run(Thread.java:841) E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_RC4_128_MD5 E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_RSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_RSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_ECDSA_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_RSA_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_DHE_RSA_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_DHE_DSS_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_DHE_DSS_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_DES_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_RSA_WITH_DES_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_DSS_WITH_DES_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_RSA_EXPORT_WITH_RC4_40_MD5 E/SupportedCiphers(16094): cipher: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_NULL_MD5 E/SupportedCiphers(16094): cipher: SSL_RSA_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_ECDSA_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_RSA_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_ECDSA_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: TLS_ECDHE_RSA_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: SSL_DH_anon_WITH_RC4_128_MD5 E/SupportedCiphers(16094): cipher: TLS_DH_anon_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_DH_anon_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DH_anon_WITH_DES_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_anon_WITH_RC4_128_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_anon_WITH_AES_128_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_anon_WITH_AES_256_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA E/SupportedCiphers(16094): cipher: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 E/SupportedCiphers(16094): cipher: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA E/SupportedCiphers(16094): cipher: TLS_ECDH_anon_WITH_NULL_SHA E/SupportedCiphers(16094): cipher: TLS_EMPTY_RENEGOTIATION_INFO_SCSV E/KDE/LanLinkProvider(16094): Handshake failed with rnc@atlantis
Well, apparently SSL_RSA_WITH_RC4_128_MD5 and SSL_RSA_WITH_RC4_128_SHA are supported and you should be using them as you are on Android < Lollipop, right? This might mean it's not supported by your computer then? :/
Oh, wait, I crossed both of your comments... so maybe you are seeing different errors each then. masterofexcel, can you check if these two are on your list of supported ciphers?
Tried compiling up git://anongit.kde.org/kdeconnect-kde.git locally using cmake -DCMAKE_INSTALL_PREFIX=`kf5-config --prefix` but after running make install I get Error loading QML file: file:///usr/local/share/plasma/plasmoids/org.kde.kdeconnect/contents/ui/main.qml:24:1: module "org.kde.kdeconnect" is not installed
You might need to turn on KDE_INSTALL_USE_QT_SYS_PATHS in cmake.
Ah! Nice :-) That fixed it. Now how do I persuade the uncommented line: qCDebug(KDECONNECT_CORE) << "SSL Error:" << error.errorString(); to output somewhere useful? (e.g. .xsession-errors)
If you kill the kdeconnectd daemon and launch it manually, you will see the output on the console. To launch it, note that it is installed in "/usr/lib/libexec/kdeconnectd" or something exotic like that. Also note that the daemon is DBus activated, so it might restart automatically before you manually run it if something tries to contact it (eg: the plasmoid or the system settings module).
I was still getting no output until I added " [Rules] *.debug=true " to ~/.config/QtProject/qtlogging.ini. Uncommenting various debug lines I then get in the console kdeconnect.core: Received Udp identity package from QHostAddress("::ffff:172.17.130.41") asking for a tcp connection on port 1716 kdeconnect.core: Socket connected kdeconnect.core: Connected true kdeconnect.core: TCP connection done (i'm the existing device) 7 kdeconnect.core: Starting server ssl (I'm the client TCP socket) kdeconnect.core: Successfully called connect false kdeconnect.core: About to return kdeconnect.core: Datagram {"type":"kdeconnect.identity","id":1473955475522,"body":{"outgoingCapabilities":["kdeconnect.battery","kdeconnect.mousepad.request","kdeconnect.telephony","kdeconnect.ping","kdeconnect.clipboard","kdeconnect.sftp","kdeconnect.notification","kdeconnect.mpris.request","kdeconnect.runcommand.request","kdeconnect.notification.request","kdeconnect.share.request"],"incomingCapabilities":["kdeconnect.telephony.request","kdeconnect.findmyphone.request","kdeconnect.runcommand","kdeconnect.mpris","kdeconnect.battery.request","kdeconnect.ping","kdeconnect.clipboard","kdeconnect.notification","kdeconnect.sms.request","kdeconnect.sftp.request","kdeconnect.notification.request","kdeconnect.share.request"],"protocolVersion":7,"deviceName":"Sony Xperia Z2","deviceType":"phone","deviceId":"83ff9e377a887670","tcpPort":1716}} kdeconnect.core: Received Udp identity package from QHostAddress("::ffff:172.17.130.41") asking for a tcp connection on port 1716 kdeconnect.core: Socket connected kdeconnect.core: Connected true kdeconnect.core: TCP connection done (i'm the existing device) kdeconnect.core: Starting server ssl (I'm the client TCP socket) kdeconnect.core: Successfully called connect isDeviceTrusted: false kdeconnect.core: About to return
The following patch to the android app worked for me: diff --git a/src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java b/src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java index 5742329..b0ebda0 100644 --- a/src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java +++ b/src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java @@ -209,9 +209,13 @@ public class SslHelper { // These cipher suites are most common of them that are accepted by kde and android during handshake ArrayList<String> supportedCiphers = new ArrayList<>(); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) { - supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); - supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); - supportedCiphers.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); + supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); // API 20+ + supportedCiphers.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); // API 20+ + supportedCiphers.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); // API 11+ + } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.HONEYCOMB) { + supportedCiphers.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); // API 11+ + supportedCiphers.add("SSL_RSA_WITH_RC4_128_SHA"); // API 9+ + supportedCiphers.add("SSL_RSA_WITH_RC4_128_MD5"); // API 9+ } else { // Following ciphers are for and due to old devices supportedCiphers.add("SSL_RSA_WITH_RC4_128_SHA"); Is there a better way to submit it?
Looking at the docs, it seems most of the ciphers were introduced in APIs 9 (name change), 11, & 20. Perhaps a second API 11 cipher will round out your list -- 2 for each major API vis-à-vis SSLSocket. Perhaps, just to pick one, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA?
I'm uploading a version with your patch to the beta channel, let's see if it works. It would be nice if you can provide your real name, for the authorship of the patch. A better way to submit patches is using reviewboard [1], but this works as well :) [1] http://reviewboard.kde.org
Nice! This worked for me - I have now paired with 1.0 from F24 and with the beta channel app. Thanks!
Git commit b25ec2d13304e15fe23e4028a5bac403d52de87c by Albert Vaca. Committed on 19/09/2016 at 14:16. Pushed by albertvaka into branch '1.x'. Added cipher list for Android versions between 11 and 21. M +9 -5 src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java http://commits.kde.org/kdeconnect-android/b25ec2d13304e15fe23e4028a5bac403d52de87c