[CalendarServer-users] El Capitan Calendar client doesn't work with calendarserver SSL connections
dre at apple.com
Sun Jan 24 20:22:40 PST 2016
> On Jan 24, 2016, at 2:48 PM, Kyle Silfer <kyle at rtoads.com> wrote:
> This might save someone from pulling out their hair.
> El Capitan’s Calendar app requires TLSv1.2 handshaking which calendarserver doesn’t provide. The app simply refuses to connect with a misleading error message about not being able to validate username or password.
I think your had an authentication failure of some sort, because Calendar.app doesn't seem to require TLS1.2:
# calendar service in current Server version:
andre at youbeill[~] openssl s_client -quiet -connect example.com:443 -tls1_2
139917422212768:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
# OS X client debug logs connecting to this service:
[>>>>> 2016-01-24 19:57:36.635]
[User-Agent: Mac+OS+X/10.11.3 (15D21) CalendarAgent/361.1]
[<?xml version="1.0" encoding="UTF-8"?>
[<<<<< 2016-01-24 19:57:36.645]
[HTTP/1.1 200 (OK)]
[Date: Mon, 25 Jan 2016 03:57:36 GMT]
[Keep-Alive: timeout=5, max=96]
[Server: Twisted/15.2.1 TwistedWeb/9.0.0]
> The workaround is to use a current Apache server to handle the TLSv1.2 portion of the connection and redirect to a plain http connection on the localhost. This killed 3 hours of my day today and I hope someone finds this hard-won knowledge valuable.
I suspect this worked for you because it also worked around some other problem.
Client logs should distinguish between a TLS error and an authentication problem; see this for logging instructions:
More information about the calendarserver-users