Can't get binary to work on Android 4.4.4

I am reviving an old tablet to view pdfs. My tablet runs best on Android 4.4.4, so I installed this version on it. (Any newer version glitches it out so I am stuck with this version)

I am able to download the android app, but after initialization the app is stuck at “syncthing is starting” prompt. (The syncthing-lite is incompatible for android <5)

Did anyone else encounter this? Can I fix this?

The log has this line copied over and over;

W/SyncthingNativeCode(7710): <DATE> http: TLS handshake error from 127.0.0.1:xxxxx: tls: client offered and unsupported, maximum protocol; version 300
W/SyncthingNativeCode(7710): <DATE> http: TLS handshake error from 127.0.0.1:xxxxx: tls: client offered and unsupported, maximum protocol; version 301

It seems like the latest syncthing binary requires a version of TLS that is not supported by Android 4.4.4. The question is, is there a way to enable older TLS versions for the binary via environment variables or something?

I don’t think so, but I think next version might drop the requirement.

Thank you for your replies. I contacted the ROM I’m using as well; a google search tells me some android vendors provide it and some dont for 4.4.1 etc.

The dev for my ROM told me to point the devs to this blog post; https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/

I think API level 20+ must be used in android 4.4 for tls 1.2 to be used?

I suspect this could get difficult as the syncthing native is written in go and does not have access to the java functions in an easy to do way.

I suspect that the issue in case is that the Android app cannot communicate with the Go binary, since the Go binary expects TLS cipher suits the Java part does not support. So actually it would be something we’d need to address in the Java part.

But given that we already have targetSdkVersion 26 and minSdkVersion 16, it should be possible to try the workaround with the wrapped SSLSocketFactory that @silverbluep mentioned above.

If we want to do that, I think @silverbluep should open an issue in the issue tracker on Github.

1 Like

Thinking about it again, do we actually gain anything by using HTTPS for the GUI/API, as long as we are bound to 127.0.0.1?

I can open an issue on syncthing, or syncthing-android; would this be a specific syncthing-android issue?

In my opinion this is specific to syncthing-android.

1 Like

Yeah… I think we should retain the requirement. The correct workaround in this the case seems to be to use plain HTTP on 127.0.0.1…

1 Like

Do I get this right: tls 1.2 was enabled in a recent syncthing update 0.14.51? .52? and after this, Android 4.4 and earlier cannot access the rest api on https because of the tls version enforcement from the native binary? I’m asking because some weeks ago I ran syncthing android successfully on an old android 4.1 phone.

1 Like

TLS 1.2 is required in .53/.54 (released at the same time) and newer.

2 Likes

Luckily for me .39 (I think it was) worked just fine with my old 4.0.1 tablet when the screen broke and I needed to transfer 50 gigs of data… and the other physical interfaces were broken. I found syncthing then and it did the job. Otherwise I wouldn’t be here now - with synchting running on everything I’m using :slight_smile:

2 Likes

Please don’t advertise this but thanks for reporting back. Happy merry X-Mas!

Did not realize it was against the rules; so I will delete my previous post! This thread details the issue on github if anyone wants to follow through on this issue; https://github.com/syncthing/syncthing-android/issues/1255

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.