tor/privacy (socks5) option giving ssl error

Ileana ileana at
Tue Apr 2 20:55:55 EDT 2013

> You didn't provide any context to the specific issue, but the likely
> reason for this particular error is that the Tor/Privacy Socks5 mode
> will prevent DNS queries from occurring and this probably has the
> effect of preventing you from determining the correct server to
> connect to (e.g. a DNS SRV lookup is necessary to connect to the
> appropriate XMPP server for a number of domains unless you specify a
> Connect Server manually).


Sorry for the lack of context.  I am using tor and pidgin 
Pidgin 2.10.6 (libpurple 2.10.6), on linux.

I am connecting to a normal irc server.

It works with socks 5, it doesn't work, and immediately fails, with
tor/privacy socks5 with error "ssl connection failed".

When I try to connect to an IRC tor hidden service
address (blahblahblah.onion) I get: 
"Unable to connect: Aborting DNS lookup in Tor Proxy mode."

When I try to connect to a regular IRC address/hostname, I get "SSL
Connection Failed".

Both work when I select socks5.  Neither works with tor/privacy(socks5).

Are you suggesting I should be putting the ip addresses in directly for
these hostnames?  That isn't even possible in the case of the hidden
service addresses.  And the hidden service address seems to resolve and
work fine with the socks5 setting.

I don't see how this can't be some kind of bug?  Aren't the dns requests
supposed to go through the proxy?  Do you need to add a check box (do
dns lookup at proxy end), as appears in the main proxy config screen,
for each individual setting?

I am concerned some users may be using pidgin incorrectly.  But you
might be right that it is a dns problem, and it is attempting the
lookup locally.  In the case of the TAILS OS, all dns is transparently
routed over the tor, so local dns gets resolved, and that would work.
But for most privacy users, local dns queeries are a big no-no, yet
they need to be done, and hence are done via socks 5 at proxy end.

What is the workaround now? Use socks4 and make the changes? Is it
sufficient to turn off unpp and disable uneccessary plugins, or is the
tor/privacy setting doing stuff in the code that an end user can't set
manually?  I.E. If I just use socks5 and disable plugins, is that
enough?  Does it do anything versus cctp/ping/dcc etc?


More information about the Support mailing list