Some Mastodon instances with higher security TLS configurations are not working in Tusky on Android 7.0. This is due to a regression in its system SSL library—fixed in Android 7.1—where the only supported elliptic curve is secp256r1.

As far as I know, there isn't anything that can be fixed on Tusky's part, aside from shipping its own SSL library, which is too big an undertaking.

Sorry to folks who can't use the app because of this.

@Tusky Darn :/ Thanks for looking into it and letting us know. Now I just have to hope that Nextbit will push an update to my phone in the near future.

@Tusky FYI I had them change the production guide so the nginx config says to use this cypher. Hopefully it won't be an issue for new instances.

@Tusky it's maybe possible to work around this by using the Google Play Services SecurityProvider on devices where it's supported

@Tusky Really sucks since there isn't a decent client on Android. But hopefully the different sites get things sorted out soon. Keep up the good work.

@Tusky Is this problem preset in all previous Android versions? I'm trying to connect to instance but the app authorization fails. I wonder if this is due to the SSL problem or something else...

@Tusky that reminds me of a bug in 4.2.2 where the OS refuses to renew certificates which have been expired. We had an entire user-base screwed after that whole GlobalSign fuckup with no solution other than "Buy a new phone".

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!