Tomboy/Tomdroid/Rainy syncing problems with new SSL Cipher list used in Android 5.0
I had been running Rainy 0.5.0 for about a year. I recently moved to a Nexus
6 phone, with Android 5.0, and per the Android changelog docs there are
changes to which TLS ciphers are used. I am affected by this on my Ubuntu
12.04 server, and I can't figure out how to control the cipher list on the
server-side. I really have loved Tomboy for a long time, but giving up SSH
sync capability because it was never added to Tomdroid, using these
green-behind-the-ears solutions for sync servers has been really annoying. I've
tried my hand at creating a solution with PHP so I can run it on more solid
web servers, but I just haven't had time to put into it. I just want SSH sync
on Tomdroid!!! Anyway... My questions follow. Below them, a quick review of
what I've tried:
1: Has anyone run into this and found a solution?
   A: How can I control ciphers on the Mono which ships with Ubuntu 12.04?
   B: How can I make Rainy listen on http://hostA:8800 and still insert
   https://hostB:8443 in the URLs in the API response? (note differing hosts AND
2: Has anyone successfully run Rainy behind a reverse proxy? How did you set
3: What is different at https://rainy-demoserver.latecrew.de/ that makes it
work (I tested it)?
4: What solutions have others used to allow SSH sync to work through Tomdroid,
while still allowing SSH sync to work from other Linux desktops running
Tomboy? I emailed the list about this in the past - Everything in the past
using file-sync on an SSH-synced folder didn't work because Tomdroid's local
sync != Tomboy's SSH sync.
Here's what I have tried:
(Disclaimer: I am in no way a Mono/C# developer. Actually, I *hate* the
mile-long list of dependencies for Mono, but I love using Tomboy more - so I
did very little at the code-level.)
I ran OpenSSL's s_server test server to see if the version on Ubuntu 12.04 was
somehow not up-to-date with supported ciphers. Tomdroid was able to connect
and complete the SSL Handshake, so it seems to be a Mono issue (Does Mono even
use the OpenSSL library?).
I tried upgrading Mono, because apparently Mono 3.1+ allows some control over
the ciphers - but this broke Rainy, so I reverted back.
Next, I decided to set up a reverse proxy on the gateway ahead of the Ubuntu
server hosting Rainy. This was a genuinely bad idea. FYI, it seems the
entire design of Rainy (and to a certain respect, the API) makes this difficult
- at least as long as there is only one variable to declare the hostname used
to build the URLs in the API response AND the listening URL. No form of
trickery with proxies can get it working (Believe me, I was creative - I even
used a pair of proxies to intercept the initial connection, and those
resulting from URL in the API response).
I tried using HTTPS-to-HTTPS proxying, because this way I can "match" the
URLs and the protocol with the Rainy config, but alas, Mono again - I can't
seem to figure out where the certificate/keys are that Mono/Rainy are using, and
I don't wish to change it; it would affect a dozen people.