[Pidgin] #1435: server handshake failes due to cipher spec mismatch

Pidgin trac at pidgin.im
Wed May 30 17:39:50 EDT 2007 

#1435: server handshake failes due to cipher spec mismatch
---------------------------+------------------------------------------------
 Reporter:  bastischubert  |       Type:  defect
   Status:  new            |   Priority:  minor 
Component:  pidgin (gtk)   |    Version:  2.0.1 
 Keywords:  cipher specs   |    Pending:  0     
---------------------------+------------------------------------------------
 while trying to connect to an xmpp server i get an handshake error

 debug version shows the following output when connecting to 5222 and using
 starttls:
 {{{
 (23:28:09) account: Connecting to account
 bauchilein at im.lokalisten.de/pidgin
 (23:28:09) connection: Connecting. gc = 03A4B780
 (23:28:09) dnsquery: Performing DNS lookup for im.lokalisten.de
 (23:28:09) dnsquery: IP resolved for im.lokalisten.de
 (23:28:09) proxy: Attempting connection to 194.97.153.82
 (23:28:09) proxy: Connecting to im.lokalisten.de:5222 with no proxy
 (23:28:09) proxy: Connection in progress
 (23:28:09) proxy: Connected to im.lokalisten.de:5222.
 (23:28:09) jabber: Sending: <?xml version='1.0' ?>
 (23:28:09) jabber: Sending: <stream:stream to='im.lokalisten.de'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 version='1.0'>
 (23:28:09) jabber: Recv (521): <?xml version='1.0'
 encoding='UTF-8'?><stream:stream
 xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
 from="im.lokalisten.de" id="d41dba2a" xml:lang="en"
 version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns
 :xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-
 sasl"><mechanism>PLAIN</mechanism></mechanisms><compression
 xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
 xmlns="http://jabber.org/features/iq-auth"/></stream:features>
 (23:28:09) jabber: Sending: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-
 tls'/>
 (23:28:09) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-
 tls"/>
 (23:28:09) nss: Handshake failed -5938
 (23:28:09) account: Disconnecting account 00D53DA8
 (23:28:09) connection: Disconnecting connection 03A4B780
 (23:28:09) connection: Destroying connection 03A4B780
 }}}

 trying the same with port 5223 and direct ssl connect
 {{{
 (23:34:12) account: Connecting to account
 bauchilein at im.lokalisten.de/pidgin
 (23:34:12) connection: Connecting. gc = 00D72D28
 (23:34:12) dnsquery: Performing DNS lookup for im.lokalisten.de
 (23:34:12) dnsquery: IP resolved for im.lokalisten.de
 (23:34:12) proxy: Attempting connection to 194.97.153.82
 (23:34:12) proxy: Connecting to im.lokalisten.de:5223 with no proxy
 (23:34:12) proxy: Connection in progress
 (23:34:12) proxy: Connected to im.lokalisten.de:5223.
 (23:34:12) nss: Handshake failed -12286
 (23:34:12) account: Disconnecting account 00D53978
 (23:34:12) connection: Disconnecting connection 00D72D28
 (23:34:12) connection: Destroying connection 00D72D28
 }}}

 Tested with Pidgin 2.0.1 on Windows and CentOS/Linux

 The following cipher specs are offered from the client according to
 wireshark:
 {{{
 SSLv2 Record Layer: Client Hello
 Length: 70
 Handshake Message Type: Client Hello (1)
 Version: TLS 1.0 (0x0301)
 Cipher Spec Length: 45
 Session ID Length: 0
 Challenge Length: 16
 Cipher Specs (15 specs)
 Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
 Cipher Spec: SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x030080)
 Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
 Cipher Spec: SSL2_DES_64_CBC_WITH_MD5 (0x060040)
 Cipher Spec: SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)
 Cipher Spec: SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x040080)
 Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
 Cipher Spec: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0x00feff)
 Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
 Cipher Spec: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0x00fefe)
 Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x000009)
 Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x000064)
 Cipher Spec: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x000062)
 Cipher Spec: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003)
 Cipher Spec: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x000006)
 Challenge
 }}}
 the specs seem a bit "weak" imho :-/[[BR]]
 any ideas?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/1435>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list