tor/privacy (socks5) option giving ssl error

Daniel Atallah datallah at
Tue Apr 2 21:46:20 EDT 2013

On Tue, Apr 2, 2013 at 8:55 PM, Ileana <ileana at> wrote:
>> You didn't provide any context to the specific issue, but the likely
>> reason for this particular error is that the Tor/Privacy Socks5 mode
>> will prevent DNS queries from occurring and this probably has the
>> effect of preventing you from determining the correct server to
>> connect to (e.g. a DNS SRV lookup is necessary to connect to the
>> appropriate XMPP server for a number of domains unless you specify a
>> Connect Server manually).
> Daniel,
> Sorry for the lack of context.  I am using tor and pidgin
> Pidgin 2.10.6 (libpurple 2.10.6), on linux.
> I am connecting to a normal irc server.
> It works with socks 5, it doesn't work, and immediately fails, with
> tor/privacy socks5 with error "ssl connection failed".
> When I try to connect to an IRC tor hidden service
> address (blahblahblah.onion) I get:
> "Unable to connect: Aborting DNS lookup in Tor Proxy mode."
> When I try to connect to a regular IRC address/hostname, I get "SSL
> Connection Failed".

You'll need to provide more details - a sanitized debug log
(Help->Debug Window) from when it tries to connect should help.

> Both work when I select socks5.  Neither works with tor/privacy(socks5).
> Are you suggesting I should be putting the ip addresses in directly for
> these hostnames?  That isn't even possible in the case of the hidden
> service addresses.  And the hidden service address seems to resolve and
> work fine with the socks5 setting.

No, that's not necessarily what I'm suggesting.

> I don't see how this can't be some kind of bug?  Aren't the dns requests
> supposed to go through the proxy?  Do you need to add a check box (do
> dns lookup at proxy end), as appears in the main proxy config screen,
> for each individual setting?

Again, it's hard to say without more information.  It's not possible
to do all DNS requests through the proxy - you can pass a hostname to
the proxy and have it resolve it, but e.g. a SRV request can't be done
through a proxy.

No, that checkbox is globally applied, it doesn't need to be more
granularly applied.

> I am concerned some users may be using pidgin incorrectly.  But you
> might be right that it is a dns problem, and it is attempting the
> lookup locally.  In the case of the TAILS OS, all dns is transparently
> routed over the tor, so local dns gets resolved, and that would work.
> But for most privacy users, local dns queeries are a big no-no, yet
> they need to be done, and hence are done via socks 5 at proxy end.
> What is the workaround now? Use socks4 and make the changes? Is it
> sufficient to turn off unpp and disable uneccessary plugins, or is the
> tor/privacy setting doing stuff in the code that an end user can't set
> manually?  I.E. If I just use socks5 and disable plugins, is that
> enough?  Does it do anything versus cctp/ping/dcc etc?

TAILS is pretty much irrelevant from the application perspective.
I'm going to hold off answering the rest because we don't know what
the problem is.


More information about the Support mailing list