Opened 5 years ago

Closed 5 years ago

#16410 closed defect (fixed)

SSL Failed Handshake

Reported by: jdantzler Owned by: deryni
Milestone: Component: XMPP
Version: 2.10.10 Keywords:
Cc:

Description (last modified by jdantzler)

I connect to a chat server via XMPP. Everything is working fine in version 2.10.9. However, after upgrading to version 2.10.10 I can no longer connect via XMPP to our chat server. I get an SSL Failed Handshake error. Therefore, I had to downgrade back down to version 2.10.9. Can someone please look into this issue with XMPP and see if this SSL Failed Handshake can be resolved? Thanks.

Change History (8)

comment:1 Changed 5 years ago by jdantzler

  • Description modified (diff)

comment:2 Changed 5 years ago by datallah

  • Status changed from new to pending

Please follow the instructions to get a debug log and attach it to this ticket.

comment:3 Changed 5 years ago by jumbosson

Seems to be similar/identical to #14655 from version 2.10.0 and #1435 from version 2.0.1. I can also confirm that it was properly working in version 2.10.9 on Windows 7.

Unfortunately I can't give a full debug listing due to Security concerns on this PC. Partial sanitized listing here:

(09:56:28) account: Connecting to account xxx@yyy.com/.
(09:56:28) connection: Connecting. gc = 04EBC170
(09:56:28) dnsquery: Performing DNS lookup for yyy.com
(09:56:28) dnsquery: IP resolved for yyy.com
(09:56:28) proxy: Attempting connection to yyy.yyy.yyy.yyy
(09:56:28) proxy: Connecting to yyy.com:5222 with no proxy
(09:56:28) proxy: Connection in progress
(09:56:29) proxy: Connecting to yyy.com:5222.
(09:56:29) proxy: Connected to yyy.com:5222.
(09:56:29) nss: Handshake failed  (-5938)
(09:56:29) connection: Connection error on 04EBC170 (reason: 5 description: SSL Handshake Failed)
(09:56:29) account: Disconnecting account xxx@yyy.com/ (0271A4F0)
(09:56:29) connection: Disconnecting connection 04EBC170
(09:56:29) connection: Destroying connection 04EBC170

comment:4 Changed 5 years ago by datallah

It's going to be hard to know what's going on without more information.

#14655 is something quite different.

Is this a public server that I can prod to get some debugging information?

It's possible that the server only supports old insecure ciphers and that's causing the handshake to (correctly) fail.

The fact that it worked with 2.10.9 means it's also most likely a different issue from #16262.

comment:5 Changed 5 years ago by jdantzler

  • Status changed from pending to new

Unfortunately, I am also unable to provide a full debug log due to security concerns. I was thinking that the issue could be the server is only supporting old ciphers thus causing the handshake to fail. We may be able to create a mock up server that exhibits the same issue and provide more information later on. Thanks.

comment:6 Changed 5 years ago by datallah

  • Status changed from new to pending

Pidgin 2.10.11 now ships with a "NSS Preferences" plugin which allows you to choose the supported ciphers - if that is the problem, you should be able to use that plugin to enable the cipher that you need.

comment:7 Changed 5 years ago by jdantzler

  • Status changed from pending to new

The new Pidgin 2.10.11 connects again to our XMPP server when configuring NSS Preferences. Thanks for the quick turn around. This ticket can be closed.

comment:8 Changed 5 years ago by jdantzler

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!