ODK Collect Error: No peer certificate after server security change to SSLProtocol +TLSv1.2 +TLSv1.1 (instead of Tls1)

For many years we have been using ODK Collect on Android tablets with great pleasure.
Recently our server administrator started using SSLProtocol +TLSv1.2 +TLSv1.1 (instead of Tls1) for security reasons.
From that moment on we had a “Generic exception: No peer certificate” error uploading files to our Unix RedHat 6.10 server.

We are using ODK Collect v.1.17.2 on Android devices (tablets and smartphones).

For security reasons we cannot return to TLS1.

Does this error sound familiar?
Is there a solution available?

Thank you for your support.

Welcome to the ODK forum, @franksantegoets! When you get a chance, please introduce yourself here. I'd also encourage you to add a real picture as your avatar because it helps build community.

"No peer certificate" is generally a problem with the server certificate. Here's what I would try.

  • Try https://www.ssllabs.com/ssltest and https://www.sslshopper.com/ssl-checker.html to make sure the chain of certs is working.
  • Using the phone's browser, navigate to the server website and see if that works.
  • If you are using a very old Android version, it might be good to upgrade to a more recent version with better support for certs. If you can't upgrade, try to find a more recent device and see if that works better.

@yanokwa

Thank you very much for your reply and kind welcome.

I have tried all three suggestions, to no avail.

Our IT department have temporarily reset security level to TLSv1.0, but they won't allow low security in the near future.

Is there a setting in ODK Collect to change the TLS version?
Or has anyone another solution?

Thanks ever so much for your reply!

@franksantegoets I've filed the issue at https://github.com/opendatakit/collect/issues/2679 so we can discuss it with the developer community. It's not straightforward. Does your IT department have developers that could contribute a fix to the code?

@yanokwa

Thank you for submitting this issue!

Unfortunately, we don't have Java developers available.

I wanted to highlight that ODK Collect v1.23 now enables TLSv1.2 for older Android versions. It sounds like @franksantegoets tried newer devices and still had problems so this may be a different issue but in case anyone runs into this with an older Android device, Collect v1.23 should fix it.