[GH-ISSUE #8480] [Bug] TLS 1.3 + Firefox: login issues #3876

Open
opened 2026-03-23 21:33:48 +00:00 by mirror · 0 comments

Originally created by @jbhanks on GitHub (Feb 10, 2026).
Original GitHub issue: https://github.com/AppFlowy-IO/AppFlowy/issues/8480

Bug Description

I just posted this to the AppFlowy forum bug report section, but then I noticed it wasn't very active so I decided to also post here.

I just managed to start self-hosting AppFlowy Cloud in a Podman pod behind nginx and ran into a TLS issue that I’m trying to understand. I’m hoping someone here can confirm whether this is expected/known/something worth investigating.

Setup

  • AppFlowy Cloud in a Podman pod behind nginx (TLS termination at nginx)
  • Let’s Encrypt certificates
  • Nginx 1.26.3 + OpenSSL 3.5.1 1 Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)
  • Web frontend and iOS app connecting to the same host from the same LAN.
  • Single user, no CDN or proxy in between

What I’m seeing

When nginx is configured to only allow TLS 1.3: ssl_protocols TLSv1.3;

  • Firefox desktop fails to log in
    The login request returns me to the login page without any visible error.
  • AppFlowy iOS app fails silently
    No requests appear in nginx access logs at all. I am however logged in, as going to the main login page gives me my workspace.
  • tcpdump does show a TCP/TLS handshake attempt from the client, followed by an immediate close.
  • nginx access logs remain empty, which suggests the failure happens during or immediately after the TLS handshake, before HTTP is established.

If I change nginx to allow TLS 1.2 + TLS 1.3: ssl_protocols TLSv1.3 TLSv1.2;

  • Firefox desktop login works
  • AppFlowy iOS app login works
  • Normal API and WebSocket traffic appears in nginx logs

Why I’m confused

Everything I’ve read suggests:

  • iOS supports TLS 1.3
  • AppFlowy is a modern app and should be TLS 1.3–capable

So I am uncertain whether:

  • AppFlowy (web or iOS) is doing something incompatible with TLS 1.3–only servers
  • nginx/OpenSSL defaults interact badly with the AppFlowy clients
  • There is a known requirement to allow TLS 1.2 fallback

I was able to get TLS 1.3–only working previously for a few minutes, but I haven’t been able to reliably reproduce it via automation yet.

Questions

  1. Is TLS 1.3–only officially supported for AppFlowy Cloud and clients?
  2. Has anyone successfully run AppFlowy behind a TLS 1.3–only nginx configuration?
  3. Are there known issues with specific cipher suites or other settings?
  4. Is TLS 1.2 fallback currently recommended for compatibility?

I’m happy to provide nginx config snippets or packet traces if helpful.

Thanks in advance — I’d like to run TLS 1.3–only if possible, but don’t want to fight undefined behavior.

Also, it took a bit of doing to get the Podman setup to work; is that something people here would be interested in a post about?

How to Reproduce

Set up AppFlowy self-hosted behind nginx with TLS 1.3 only. Try logging in from Firefox. If you want to try to reproduce my setup, the entire deployment is here: https://github.com/jbhanks/appflowy-on-vps-setup

Expected Behavior

Correct login credentials should take me to my workspace.

Operating System

Alma Linux

AppFlowy Version(s)

AppFlowy Cloud version: 0.12.1

Screenshots

No response

Additional Context

No response
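Added example, not part of the original report and not AppFlowy or nginx code: the report describes a handshake attempt in tcpdump followed by an immediate close, so a first check is whether the client's ClientHello offers TLS 1.3 (0x0304) in its supported_versions extension, which a TLS 1.3-only server requires. The function names are hypothetical and the ClientHello bytes are constructed by `build_client_hello`, not taken from the reporter's capture.

```python
import struct

TLS13, TLS12 = 0x0304, 0x0303
SUPPORTED_VERSIONS = 43  # extension type defined in RFC 8446

def offered_versions(record: bytes) -> list[int]:
    """Return the protocol versions offered by a ClientHello TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    legacy = int.from_bytes(body[0:2], "big")
    pos = 2 + 32                                         # legacy_version + random
    pos += 1 + body[pos]                                 # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + body[pos]                                 # compression_methods
    if pos + 2 > len(body):                              # no extensions block
        return [legacy]
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == SUPPORTED_VERSIONS:               # 1-byte list length, then 2-byte versions
            return [int.from_bytes(data[i:i + 2], "big") for i in range(1, 1 + data[0], 2)]
        pos += 4 + ext_len
    return [legacy]                                      # pre-1.3 client: legacy_version is its maximum

def tls13_only_server_accepts(record: bytes) -> bool:
    """True when the client offers the version a TLS 1.3-only server needs."""
    return TLS13 in offered_versions(record)

def build_client_hello(versions=None) -> bytes:
    """Constructed sample input (hypothetical helper), not a real capture."""
    exts = b""
    if versions:
        lst = b"".join(struct.pack("!H", v) for v in versions)
        exts = struct.pack("!HHB", SUPPORTED_VERSIONS, len(lst) + 1, len(lst)) + lst
    body = (struct.pack("!H", TLS12) + bytes(32) + b"\x00"          # version, random, empty session_id
            + struct.pack("!HHH", 4, 0x1301, 0xC02F) + b"\x01\x00"  # two suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for label, versions in (("offers 1.3 and 1.2", [TLS13, TLS12]), ("1.2 only", None)):
        hello = build_client_hello(versions)
        print(label, [hex(v) for v in offered_versions(hello)], tls13_only_server_accepts(hello))
```

To use it on a real capture, pass the bytes of the first client-to-server TLS record of the failing connection to `offered_versions`.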
