i have a bitwarden setup running with the docker containers, working fine so far, running behind a nginx proxy.
Recently i changed the proxy setup due to a new dynDNS name and therefore received new let’s encrypt certificates. With the new certificates the Android client will not connect any more, it shows an “Exception message : Handshake failed”
I can open the bitwarden url in Chrome and Firefox with no problems, only the app is showing the error.
What i found out so far : the certificates differ in the way they where generated.
The old and working setup has a certificate signed with a RSA-4096 bit key, the new one has a Elliptic Curve key EC-384
Can someone else confirm a working setup with elliptic keys in let’s encrypt certificates ?
If I remember correctly, Let’s Encrypt certificates can have issues with older versions of Android due to a change in LE’s root certificate. See their announcement here:
You could fix the problem by purchasing a cert from another CA, I suspect.
the “old” certificate is from lets encrypt also, also based on their root certificate and this is working fine.
what i don’t understand is why Chrome and Firefox are working, Bitwarden is not. Do the browsers have their own crypto library, and Bitwarden uses the one from the operating system ?