Pidgin cannot connect to using TLS secured XMPP

Marcus Trautwig Marcus at
Tue May 6 20:06:03 EDT 2008


I think I just discovered why Pidgin suddenly fails to connect to (and maybe other XMPP servers) with an "SSL Handshake"
error. My Pidgin (2.4.1 from Ubuntu Hardy) uses the libnss SSL library
which only has weak ciphers activated by default:

The server is not satisfied with the ciphers enabled by
default and aborts the SSL/TLS handshake. You can inspect this with
Wireshark by choosing "Decode As.." from the context menu of one of the
connection packages and then selecting "SSL". On, you have
to skip over to the "SSL Client Hello", where Pidgin claims to only
support some weak ciphers.

The attached patch also enables the strong ciphers and now it works
again! But please consider that this may break other SSL connections,
the new "SSL Client Hello" message does not look SSLv2-compatible any

BTW, there is already a bug on this issue, but I did not see it appear
until Pidgin 2.4.1:

Kind Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl-strong-ciphers.patch
Type: text/x-patch
Size: 1124 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <>

More information about the Support mailing list