tor/privacy (socks5) option giving ssl error

Daniel Atallah datallah at pidgin.im
Tue Apr 2 21:46:20 EDT 2013


On Tue, Apr 2, 2013 at 8:55 PM, Ileana <ileana at fairieunderground.info> wrote:
>>
>> You didn't provide any context to the specific issue, but the likely
>> reason for this particular error is that the Tor/Privacy Socks5 mode
>> will prevent DNS queries from occurring and this probably has the
>> effect of preventing you from determining the correct server to
>> connect to (e.g. a DNS SRV lookup is necessary to connect to the
>> appropriate XMPP server for a number of domains unless you specify a
>> Connect Server manually).
>>
>
> Daniel,
>
> Sorry for the lack of context.  I am using tor and pidgin
> Pidgin 2.10.6 (libpurple 2.10.6), on linux.
>
> I am connecting to a normal irc server.
>
> It works with socks 5, it doesn't work, and immediately fails, with
> tor/privacy socks5 with error "ssl connection failed".
>
> When I try to connect to an IRC tor hidden service
> address (blahblahblah.onion) I get:
> "Unable to connect: Aborting DNS lookup in Tor Proxy mode."
>
> When I try to connect to a regular IRC address/hostname, I get "SSL
> Connection Failed".

You'll need to provide more details - a sanitized debug log
(Help->Debug Window) from when it tries to connect should help.


> Both work when I select socks5.  Neither works with tor/privacy(socks5).
>
> Are you suggesting I should be putting the ip addresses in directly for
> these hostnames?  That isn't even possible in the case of the hidden
> service addresses.  And the hidden service address seems to resolve and
> work fine with the socks5 setting.

No, that's not necessarily what I'm suggesting.

> I don't see how this can't be some kind of bug?  Aren't the dns requests
> supposed to go through the proxy?  Do you need to add a check box (do
> dns lookup at proxy end), as appears in the main proxy config screen,
> for each individual setting?

Again, it's hard to say without more information.  It's not possible
to do all DNS requests through the proxy - you can pass a hostname to
the proxy and have it resolve it, but e.g. a SRV request can't be done
through a proxy.

No, that checkbox is globally applied, it doesn't need to be more
granularly applied.

> I am concerned some users may be using pidgin incorrectly.  But you
> might be right that it is a dns problem, and it is attempting the
> lookup locally.  In the case of the TAILS OS, all dns is transparently
> routed over the tor, so local dns gets resolved, and that would work.
> But for most privacy users, local dns queries are a big no-no, yet
> they need to be done, and hence are done via socks 5 at proxy end.
>
> What is the workaround now? Use socks4 and make the changes? Is it
> sufficient to turn off upnp and disable unnecessary plugins, or is the
> tor/privacy setting doing stuff in the code that an end user can't set
> manually?  I.E. If I just use socks5 and disable plugins, is that
> enough?  Does it do anything versus ctcp/ping/dcc etc?

TAILS is pretty much irrelevant from the application perspective.
I'm going to hold off answering the rest because we don't know what
the problem is.

-D



