What HTTPS protocols or ciphers are supported by the client?

OverkillTASF 6 years ago

I have an issue where one set of android phones stopped working simultaneously one day a few months ago, but all others are fine. I can browse to my traccar device destination HTTPS and HTTP just fine, but when the client is configured to use HTTPS (just on these devices) it doesn't even show up in my proxy logs (apache) and the client reports simply "send failed". HTTP works. I will try a packet capture later on if the users are available.

The only thing I can think of at this point is that the traccar client doesn't support the full suite of modern SSL/TLS protocols, such as would be necessary config to get A+ at SSL Labs...

PS... If you had a "premium forum" option I would pay for it, just so you didn't have to go through so many "help me understand how to configure nginx on my raspberry pi at my mom's house" posts.

Anton Tananaev 6 years ago

It's completely possible that some features of SSL/TLS are not supported if you are using an older version of Android, but it's not really an app issue. It's just an OS issue. Chrome might still work because it probably uses its own separate SSL/TLS implementation and not the system one.

Armstrong 6 years ago

@OverkillTASF I run traccar (3.16) reverse-proxied by nginx, A+ on ssllabs.com. This is HSTS also, Android clients (Oreo) using an https:// url work just fine.

OverkillTASF 6 years ago

Thanks Anton, Armstrong.

Possible these clients fall into the "really old" realm, possibly KitKat. I'll locate a list or tool that can identify what ciphers are supported by the OS and share it here in case anyone runs into a similar issue after securing their server.

OverkillTASF 6 years ago

They are Android 4.4.4 and I've dropped my server TLS and ciphers down to levels compatible with 4.0.4. No love still.

Packet captures are next I guess.

Anton Tananaev 6 years ago

I guess so. Another option is to debug the app, if you have the necessary skills.

OverkillTASF 6 years ago

Unfortunately I don't. Not a developer, and definitely not an Android developer. But I'll see what I can learn.

OverkillTASF 6 years ago

After a crap load of troubleshooting, it looks like it might just be that the base OS (and hence the Traccar Client) on these phones, despite all reports to the contrary, only supports TLS v1.0. I don't know why my earlier attempt at supporting older TLS versions didn't work... But... I'm back in business. Will make sure it keeps working through tomorrow morning.
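
What the packet capture discussed in this thread would reveal, as an added example that is not part of any post and is not Traccar code: a parser that reads the highest protocol version and the cipher suites from a client's ClientHello, then checks that version against the protocols a server has enabled. The sample bytes, the function names and the server protocol set are assumptions constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}   # ascending order is relied on below
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",   # a few IANA ids, for readable output
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Highest protocol version and cipher suites offered in one ClientHello record."""
    try:
        ctype, _, rec_len = struct.unpack_from("!BHH", record)
        hello = record[9:5 + rec_len]       # skip record (5) and handshake (4) headers
        if ctype != 0x16 or record[5] != 0x01 or len(record) < 5 + rec_len:
            raise ValueError("not a complete ClientHello record")
        versions = [struct.unpack_from("!H", hello)[0]]
        pos = 34                            # client_version (2) + random (32)
        pos += 1 + hello[pos]               # session_id
        (cs_len,) = struct.unpack_from("!H", hello, pos)
        suites = struct.unpack_from(f"!{cs_len // 2}H", hello, pos + 2)
        pos += 2 + cs_len
        pos += 1 + hello[pos]               # compression_methods
        if pos + 2 <= len(hello):           # extensions are optional before TLS 1.3
            pos += 2
            while pos + 4 <= len(hello):
                etype, elen = struct.unpack_from("!HH", hello, pos)
                if etype == 43:             # supported_versions overrides client_version
                    versions = struct.unpack_from(f"!{hello[pos + 4] // 2}H", hello, pos + 5)
                pos += 4 + elen
        top = max(v for v in versions if v in VERSIONS)   # skips GREASE placeholders
    except (struct.error, IndexError) as exc:
        raise ValueError(f"malformed ClientHello: {exc}") from None
    return {"max_version": VERSIONS[top],
            "cipher_suites": [SUITES.get(s, f"0x{s:04X}") for s in suites]}

def negotiate(client_max: str, server_enabled: set):
    """Simplified: highest server-enabled version not above the client's maximum, or None."""
    order = list(VERSIONS.values())
    usable = [v for v in order[:order.index(client_max) + 1] if v in server_enabled]
    return usable[-1] if usable else None

# Constructed sample (not a real capture): a hello without extensions offering TLS 1.0 at most.
_body = (b"\x03\x01" + bytes(32) + b"\x00" +
         b"\x00\x08\xc0\x14\xc0\x13\x00\x35\x00\x2f" + b"\x01\x00")
SAMPLE_HELLO = (b"\x16\x03\x01" + (len(_body) + 4).to_bytes(2, "big") +
                b"\x01" + len(_body).to_bytes(3, "big") + _body)

if __name__ == "__main__":
    offer = parse_client_hello(SAMPLE_HELLO)
    print(offer, negotiate(offer["max_version"], {"TLSv1.2", "TLSv1.3"}))
```

A `None` from `negotiate` corresponds to a handshake that fails before any HTTP request is sent.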