ubuntuusers.de

Hallo,

aktuell richte ich mir einen VServer ein auf dem ich, da ich dort auch ownCloud laufen lassen möchte, OpenSSL installiert habe da dieses ja gerne eine SSL-Verschlüsselung haben möchte. Der Server stellt eine CA, ein Zertifikat habe ich erzeugt und ich gehe auch davon aus, dass ich alles nicht ganz falsch eingerichtet habe. Der ownCloud-Client kann über SSL eine Verbindung herstellen und synct auch so wie man es von ihm erwartet, mit rekonq kann ich auf die ownCloud-Seite auf dem Server über SSL zugreifen... ...aber auch nur über rekonq. ☹

Firefox wirft mir als Fehlermeldung folgendes entgegen:

Fehler: Gesicherte Verbindung fehlgeschlagen

Ein Fehler ist während einer Verbindung mit h*******.stratoserver.net aufgetreten. Sichere Kommunikation mit der Gegenstelle ist nicht möglich: Keine gemeinsamen Verschlüsselungsalgorithmen. (Fehlercode: ssl_error_no_cypher_overlap)

Auch Chromium liefert eine ähnliche Fehlermeldung (Fehlercode: ERR_SSL_VERSION_OR_CIPHER_MISMATCH), und auch der IE kann die Seite nicht anzeigen (ohne genauere Fehlermeldung, meldet nur einen Netzwerkfehler). Meine erste Vermutung war, dass irgendwas mit dem Zertifikat nicht stimmt, da sich Server und Browser nicht über den Verschlüsselungsalgorithmus einig werden. Jedoch hat der ownCloud-Client ja keine Probleme.

In der about:config von Firefox stehen alle SSL-Verschlüsselungen auf den Standardeinstellungen. Unter anderem auch "security.ssl3.ecdhe_ecdsa_aes_256_sha;true", welches dem Anschein nach das favorisierte Verfahren darstellt. Ein sslscan des Servers ergibt folgende Ausgabe:

/home/markus> sslscan --no-failed h*******.stratoserver.net
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|

                  Version 1.8.2
             http://www.titania.co.uk
        Copyright Ian Ventura-Whiting 2009

Testing SSL server h*******.stratoserver.net on port 443

  Supported Server Cipher(s):
    Accepted  SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
    Accepted  SSLv3  256 bits  ECDH-ECDSA-AES256-SHA
    Accepted  SSLv3  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA
    Accepted  SSLv3  128 bits  ECDH-ECDSA-AES128-SHA
    Accepted  SSLv3  128 bits  ECDHE-ECDSA-RC4-SHA
    Accepted  SSLv3  128 bits  ECDH-ECDSA-RC4-SHA
    Accepted  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Accepted  TLSv1  256 bits  ECDH-ECDSA-AES256-SHA
    Accepted  TLSv1  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Accepted  TLSv1  128 bits  ECDH-ECDSA-AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  ECDH-ECDSA-RC4-SHA

  Prefered Server Cipher(s):
    SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
    TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA

  SSL Certificate:
    Version: 2
    Serial Number: -14163359963639770826
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: /C=DE/ST=Bavaria/L=Bad Griesbach/O=Internet Widgits Pty Ltd/CN=h*******.stratoserver.net/emailAddress=mail@**********.de
    Not valid before: Aug 16 11:22:54 2014 GMT
    Not valid after: May 12 11:22:54 2017 GMT
    Subject: /C=DE/ST=Bavaria/L=Bad Griesbach/O=Internet Widgits Pty Ltd/CN=h*******.stratoserver.net/emailAddress=mail@**********.de
    Public Key Algorithm: id-ecPublicKey
    EC Public Key:
      Private-Key: (256 bit)
      pub: 
          04:6c:af:70:4e:27:8a:39:b7:e5:3c:cf:41:e9:04:
          ff:9a:ee:0c:be:93:d8:3d:be:ea:0c:e6:17:f9:47:
          92:62:f8:6a:68:c0:ae:a7:fb:b4:fd:bf:3a:75:bf:
          aa:7d:6f:ca:51:e9:3b:1a:67:c1:16:6b:db:bc:c6:
          4e:49:a6:0f:11
      ASN1 OID: secp256k1
    X509v3 Extensions:
      X509v3 Subject Key Identifier: 
        EB:38:F4:71:C5:C1:AD:D9:FF:63:B3:86:E7:5D:1B:59:9F:F4:32:18
      X509v3 Authority Key Identifier: 
        keyid:EB:38:F4:71:C5:C1:AD:D9:FF:63:B3:86:E7:5D:1B:59:9F:F4:32:18

      X509v3 Basic Constraints: 
        CA:TRUE
  Verify Certificate:
    self signed certificate

Ich bin mit meinem Latein am Ende und hoffe, dass mir irgendwer bei dem Problem helfen kann.

lg

Hi,

welchen Webserver nutz du? Zeig mal dein VHOST Config.

Gruß Joachim

Hallo,

ich nutze Apache2.

markus@h*******:~$ cat /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    
    # Pfad zu den Webinhalten
    DocumentRoot /var/www/html
</VirtualHost>

markus@h*******:~$ cat /etc/apache2/sites-available/default-ssl.conf 
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #   Client certificate verification type and depth.  Types are
                #   none, optional, require and optional_no_ca.  Depth is a
                #   number which specifies how deeply to verify the certificate
                #   issuer chain before deciding the certificate is not valid.
                #SSLVerifyClient require
                #SSLVerifyDepth  10

                #   SSL Engine Options:
                #   Set various options for the SSL engine.
                #   o FakeBasicAuth:
                #        Translate the client X.509 into a Basic Authorisation.  This means that
                #        the standard Auth/DBMAuth methods can be used for access control.  The
                #        user name is the `one line' version of the client's X.509 certificate.
                #        Note that no password is obtained from the user. Every entry in the user
                #        file needs this password: `xxj31ZMTZzkVA'.
                #   o ExportCertData:
                #        This exports two additional environment variables: SSL_CLIENT_CERT and
                #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                #        server (always existing) and the client (only existing when client
                #        authentication is used). This can be used to import the certificates
                #        into CGI scripts.
                #   o StdEnvVars:
                #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                #        Per default this exportation is switched off for performance reasons,
                #        because the extraction step is an expensive operation and is usually
                #        useless for serving static content. So one usually enables the
                #        exportation for CGI and SSI requests only.
                #   o OptRenegotiate:
                #        This enables optimized SSL connection renegotiation handling when SSL
                #        directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   The safe and default but still SSL/TLS standard compliant shutdown
                #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                #   the close notify alert from client. When you need a different shutdown
                #   approach you can use one of the following variables:
                #   o ssl-unclean-shutdown:
                #        This forces an unclean shutdown when the connection is closed, i.e. no
                #        SSL close notify alert is send or allowed to received.  This violates
                #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                #        this when you receive I/O errors because of the standard approach where
                #        mod_ssl sends the close notify alert.
                #   o ssl-accurate-shutdown:
                #        This forces an accurate shutdown when the connection is closed, i.e. a
                #        SSL close notify alert is send and mod_ssl waits for the close notify
                #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                #        practice often causes hanging connections with brain-dead browsers. Use
                #        this only for browsers where you know that their SSL implementation
                #        works correctly.
                #   Notice: Most problems of broken clients are also related to the HTTP
                #   keep-alive facility, so you usually additionally want to disable
                #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                #   "force-response-1.0" for this.
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

markus@h*******:~$ cat /etc/apache2/sites-available/000-default.conf 
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

lg Markus

hmmm...

probier mal folgendes. Schau dir mal an welche Verschlüsselungen zu Verfügung stehen.

1

openssl ciphers -v 'EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4'

und gib in deienr Config mal das mit an.

1
2
3
4

SSLProtocol all -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder on 
SSLCipherSuite "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

danach schau ob deine ssl.conf wirklich aktiviert ist.

1

a2ensite ssl.conf 

Für dann noch ein Neustart des Apache durch

1

/etc/init.d/apache2 restart

und berichte ☺

Gruß Joachim

Saplaran schrieb:

markus@h*******:~$ cat /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    
    # Pfad zu den Webinhalten
    DocumentRoot /var/www/html
</VirtualHost>

Ist dieser Blog in einem

1
2
3
4

<IfModule mod_ssl.c>
....
...
</IfModule>

eingeschlossen?

Hallo

markus@h*******:~$ openssl ciphers -v 'EECDH+AESGCM EDH+AESGCM !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD

Meine ssl.conf sieht mit deiner Ergänzung nun so aus (nur der Vollständigkeit halber):

markus@h*******:~$ cat /etc/apache2/sites-available/ssl.conf 
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key

    SSLProtocol all -SSLv2 -SSLv3
    SSLCompression Off
    SSLHonorCipherOrder on 
    SSLCipherSuite "EECDH+AESGCM EDH+AESGCM !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

    # Pfad zu den Webinhalten
    DocumentRoot /var/www/html
</VirtualHost>

markus@h*******:~$ sudo a2ensite ssl.conf
Site ssl already enabled
markus@h*******:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                                                                 [ OK ]

Und leider ist der Effekt immer noch der Selbe. Firefox jammert (Fehlercode: ssl_error_no_cypher_overlap), Chromium jammert (Fehlercode: ERR_SSL_VERSION_OR_CIPHER_MISMATCH) und rekonq zeigt die Seite. ☹

Hast du noch weitere Ideen?

lg Markus

Ripixxx schrieb:

Saplaran schrieb:

markus@h*******:~$ cat /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    
    # Pfad zu den Webinhalten
    DocumentRoot /var/www/html
</VirtualHost>

Ist dieser Blog in einem

1 2 3 4

<IfModule mod_ssl.c> .... ... </IfModule>

eingeschlossen?

Öh, nö. Muss er? Hab ich jetzt mal gemacht (Apache natürlich neu gestartet), aber keinerlei Effekt und immer noch das selbe Problem.

Proxy eingestellt?

Ripixxx schrieb:

Proxy eingestellt?

Ne, hab kein Proxy hier.

Wenn du mir per PN die Adresse sags probiert ich mal aus ob es am OS oder Browser liegt.

Gruß Joachim

Ripixxx schrieb:

Wenn du mir per PN die Adresse sags probiert ich mal aus ob es am OS oder Browser liegt.

Gruß Joachim

PN ist unterwegs.

Bei mir das gleiche mit Chrome und Opera. Stummen denn die Pfade und Leserechte zu den Zertifikat-Files?

Ist nur die eine Config aktiv? Schau auch mal in den Logs nach.

Gruß Joachim

Ich schau nach und melde mich sobald ich fertig bin.

probier mal nochmal

1
2

sudo a2enmod ssl 
sudo service apache2 force-reload

markus@h*******:~$ ls -l /etc/ssl/certs/apache.crt 
-rw-r--r-- 1 root root 936 Aug 16 13:22 /etc/ssl/certs/apache.crt
markus@h*******:~$ sudo ls -l /etc/ssl/private/apache.key
-rw-r--r-- 1 root root 294 Aug 16 13:00 /etc/ssl/private/apache.key
markus@h*******:~$ ls -l /etc/ssl/
total 48
drwxr-xr-x 2 root root     28672 Aug 28 13:45 certs
-rw-r--r-- 1 root root     10836 Aug 15 18:36 openssl.cnf
drwxr-x--- 2 root ssl-cert  4096 Aug 16 13:00 private
markus@h*******:~$ ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Aug 15 16:57 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 27 Aug 15 17:36 ssl.conf -> ../sites-available/ssl.conf
markus@h*******:~$

Hier die Meldungen aus der /var/log/apache2/error.log wenn ich Apache neu starte und mit den verschiedenen Browsern ansurfe.

[Thu Aug 28 14:06:52.128382 2014] [mpm_prefork:notice] [pid 7539] AH00169: caught SIGTERM, shutting down
[Thu Aug 28 14:06:53.384422 2014] [ssl:warn] [pid 7803] AH01906: ECC server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 28 14:06:53.583218 2014] [ssl:warn] [pid 7804] AH01906: ECC server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 28 14:06:53.592230 2014] [mpm_prefork:notice] [pid 7804] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.3 OpenSSL/1.0.1f configured -- resuming normal operations
[Thu Aug 28 14:06:53.592284 2014] [core:notice] [pid 7804] AH00094: Command line: '/usr/sbin/apache2'
[Thu Aug 28 14:07:50.964397 2014] [access_compat:error] [pid 7810] [client 85.214.246.118:41108] AH01797: client denied by server configuration: /var/www/owncloud/data/htaccesstest.txt

Die letzte Meldung gibt es, wenn ich ownCloud erfolgreich mit rekonq aufrufe. Interessant dabei: es gibt keine /var/www/owncloud/data/htaccesstest.txt und ich weiß nicht woher er diesen Pfad hat.

Zuguterletzt noch ein Schnipsel aus /var/log/apache2/other_vhosts_access.log

h*******.stratoserver.net:443 84.145.131.69 - - [28/Aug/2014:14:17:44 +0200] "GET /owncloud/core/img/loading-dark.gif HTTP/1.1" 304 208 "https://h2331902.stratoserver.net/owncloud/index.php/apps/files/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) rekonq/2.4.2 Safari/537.21"
h*******.stratoserver.net:443 84.145.131.69 - markus [28/Aug/2014:14:17:57 +0200] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 4591 "-" "Mozilla/5.0 (Linux) mirall/1.6.2"
h*******.stratoserver.net:443 84.145.131.69 - - [28/Aug/2014:14:17:59 +0200] "PROPFIND /owncloud/remote.php/webdav HTTP/1.1" 207 6500 "-" "Mozilla/5.0 (Linux) csyncoC/0.91.5 neon/0.30.0"
h*******.stratoserver.net:443 84.145.131.69 - markus [28/Aug/2014:14:18:07 +0200] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 2508 "-" "Mozilla/5.0 (Linux) mirall/1.6.2"
h*******.stratoserver.net:443 84.145.131.69 - - [28/Aug/2014:14:17:59 +0200] "PROPFIND /owncloud/remote.php/webdav/Dropbox HTTP/1.1" 207 8229 "-" "Mozilla/5.0 (Linux) csyncoC/0.91.5 neon/0.30.0"
h*******.stratoserver.net:443 84.145.131.69 - markus [28/Aug/2014:14:18:38 +0200] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 2509 "-" "Mozilla/5.0 (Linux) mirall/1.6.2"
h*******.stratoserver.net:443 84.145.131.69 - markus [28/Aug/2014:14:18:46 +0200] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 4591 "-" "Mozilla/5.0 (Linux) mirall/1.6.2"
h*******.stratoserver.net:443 84.145.131.69 - - [28/Aug/2014:14:18:48 +0200] "PROPFIND /owncloud/remote.php/webdav HTTP/1.1" 207 6500 "-" "Mozilla/5.0 (Linux) csyncoC/0.91.5 neon/0.30.0"
h*******.stratoserver.net:443 84.145.131.69 - - [28/Aug/2014:14:18:48 +0200] "PROPFIND /owncloud/remote.php/webdav/Dropbox HTTP/1.1" 207 8229 "-" "Mozilla/5.0 (Linux) csyncoC/0.91.5 neon/0.30.0"
h*******.stratoserver.net:443 84.145.131.69 - markus [28/Aug/2014:14:19:08 +0200] "PROPFIND /owncloud/remote.php/webdav/ HTTP/1.1" 207 2508 "-" "Mozilla/5.0 (Linux) mirall/1.6.2"

lg Markus