Reply To: I can't log in (android)

#7737 Reply

Svante
Spectator

Hello Adam & David,

We are investigating this. The likely cause is a slightly too tight configuration of our SSL parameters; however, although we’re sorry for the inconvenience, we’d rather err on the safe side here.

The background is that since we’re relying on SSL/TLS to protect sensitive information when travelling to our server (passwords both for the account and the online password manager), it’s important that we maintain strong security. Since SSL/TLS has been under careful public (and secret) scrutiny for many, many years, weaknesses have been discovered. Some are such that we really don’t want to allow such a connection, so we actually do not support some legacy “cipher suites” and protocols.

In other words – in some cases we’d rather not allow a client to connect and use a service, rather than allow an insecure connection.

One might argue that it’s the user’s decision, but in this case it’s just too hard to know as a user just what the risks are.

Also, unfortunately, there are no well-accepted best practices here, since it all depends on the server capabilities and the level of security required, offset by other requirements as well, such as performance.

So we’ve been very conservative, and may have locked some devices out. We have now amended this slightly, so perhaps you can try again and see if you have better luck.

In any case, do let us know, so we know if we should continue investigating.