Servers that enforce SNI are not supported

[CEbhNwPM]

Problem scope

• I'm sure that this is a DAVx⁵ problem.

App version

• I'm using the latest available DAVx⁵ version.

Android version and device/firmware type

Android 15

Steps to reproduce

1. Set up a self-hosted CalDAV/CardDAV server with e.g. nginx and radicale.
2. Set up an account for this radicale instance, verify that everything works.
3. Configure the webserver to refuse client connection attempts that do not include SNI in their TLS client hello.

Actual result

Connection failure when attempting to sync, with log:

javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400d7b6a4f5d0c8: Failure in SSL library, usually a protocol error
	error:10000458:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNRECOGNIZED_NAME 

Expected result

Successful connection and sync.

Further info

I have a self-hosted radicale behind nginx, which has a fallback server block configuration like this:

server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    ssl_reject_handshake on;

    location / {
        return 444;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name myserver 192.168.1.2;
    ssl_certificate ...;
    ssl_certificate_key ...;

    location /radicale/ {
        proxy_pass        ...
        proxy_set_header  X-Script-Name /radicale;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
        proxy_pass_header Authorization;
    }
}    
    

I omitted parts of the config that are not relevant.
Without this fallback block, everything works fine, DAVx5 can connect and sync with radicale.

The purpose of this is to reject connections that do not specify a hostname that is served by the server. Otherwise, nginx defaults to serving the first server block in its configuration, even if the requested hostname does not match the server_name in that block.

With this fallback block, DAVx5 reports:

javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400d7b6a4f5d0c8: Failure in SSL library, usually a protocol error
	error:10000458:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNRECOGNIZED_NAME 

A quick test with OpenSSL shows that this is probably due to not including Server Name Indication (SNI) in the TLS handshake:

# This fails
$ openssl s_client -connect myserver:443
...
007EB84ABA7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:ssl/record/rec_layer_s3.c:909:SSL alert number 112
...

# This works
$ openssl s_client -connect myserver:443 -servername myserver
# successful connection info, omitted for privacy

[rfc2822]

Should work without problems, as DAVx5 uses SNI.

Also I have tried to reproduce with ssl_reject_handshake for the default host. Connections with wrong host name are rejected as expected, and DAVx5 still syncs (with the correct host name).

Can you provide a host name so that I can have a look?

[CEbhNwPM]

I cannot provide a hostname, my server is in a private network. But this gave me an idea. I enabled nginx debug logging to see details about the TLS handshake attempts. It seems DAVx5 (or the SSL library?) only sends a server name in the Client Hello, if the server name is an FQDN.

Setting server_name myserver myserver.lan 192.168.1.2; in my radicale server block:

192.168.1.2 - does not work: nginx log says "SSL server name: null"
myserver - does not work: nginx log says "SSL server name: null"
myserver.lan - works: nginx log says "SSL server name: myserver.lan"

I do not have this problem with Thunderbird, where I only specify "https://myserver/radicale/...".

Aside from testing, I actually use the local IP address in DAVx5 to connect (it's included as a Subject Alt Name in the certificate). I need to do this because I've set an external "Private DNS" server in Android, and then of course Android cannot resolve local hostnames or zones. Unlike desktop OSes, Android does not seem to have a hosts file or similar for manual overrides.

So for this to work in my use case, hostnames and even IP addresses would have to be sent in SNI, if that's what the URL contains. If the SSL library does not support this, the only workaround I have is to not use ssl_reject_handshake.

Edit: The latest applicable RFC, RFC 6066, states:

Currently, the only server names supported are DNS hostnames.

OpenSSL from the command line does not set the server name when using a hostname or IP. Thunderbird is configured with "https://myserver/radicale/..." and does send the hostname as server name.

Edit 2: The RFC also states:

Literal IPv4 and IPv6 addresses are not permitted in "HostName".

TL;DR: We should not try to enforce SNI on servers that we want to connect to with just a hostname, and we cannot enforce SNI on servers that we want to connect to with just an IP address (with a valid certificate for it, still). Fair enough.

And one more edit: I only thought this is a DAVx5 issue because all other clients I use (Thunderbird, Firefox, Vanadium) are able to connect using just a hostname.