[Pidgin] #1435: server handshake fails due to cipher spec mismatch
Pidgin
trac at pidgin.im
Mon Oct 27 15:34:59 EDT 2008
#1435: server handshake fails due to cipher spec mismatch
---------------------------+------------------------------------------------
 Reporter:  bastischubert  |        Owner:  deryni
     Type:  defect         |       Status:  closed
Milestone:  2.5.2          |    Component:  libpurple
  Version:  2.0.1          |   Resolution:  fixed
 Keywords:  cipher specs   |
---------------------------+------------------------------------------------
Comment(by stefanx):
Please check the following Gajim log:
{{{
<?xml version='1.0'?>
<stream:stream xmlns="jabber:client" to="example.com" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" >
<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' id='1769693020'
from='example.com' version='1.0' xml:lang='en'>
<stream:features>
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
<required/>
</starttls>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<?xml version='1.0'?>
<stream:stream xmlns="jabber:client" to="example.com" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" >
<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' id='980616346'
from='example.com' version='1.0' xml:lang='en'>
<stream:features>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5" />
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9IjM5NjU3MDA0NDciLHFvcD0iYXV0aCIsY2hhcn...</challenge>
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iamFuIixyZWFsbT0ic...</response>
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD1mZDIyOTA1YjdmY2VlMTlmNDZhMzM5NjA1YTQ3...</challenge>
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
<?xml version='1.0'?>
<stream:stream xmlns="jabber:client" to="example.com" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" >
}}}
>One of two things is happening when gajim connects. Either it tries a TLS
>connection without checking if the server supports it (which is absolutely broken
>behavior and seems unlikely to me) or gajim is intending to use TLS when it starts
>the connection, discovers that the server doesn't support it and (either silently
>or in a way you don't notice) falls back to not using TLS and continues normally.
To me the log seems to show that Gajim really does use TLS and has no
problem with "TLS-required".
>Your selection of the 'require TLS' option prevents pidgin from falling back to
>using a non-TLS connection to the server when it determines that the server doesn't
>support it, thus the error message you are receiving.
While I definitely want an encrypted connection, a failed connection rather
than an unencrypted connection is fine. But I don't see why my server
doesn't support TLS.
>There is actually one other possibility, which is that gajim is in fact using port
>5223 and an old-style SSL connection rather than using starttls over 5222.
I configured Gajim to use port 5222.
Any ideas?
--
Ticket URL: <http://developer.pidgin.im/ticket/1435#comment:20>
Pidgin <http://pidgin.im>
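
An added example, not part of the ticket and not Pidgin or Gajim code: a Python check that walks a stream log like the one in the comment above and reports whether `<auth/>` was sent only after `<starttls/>`, `<proceed/>` and a stream restart. The function name, the result keys and both sample logs are constructed for illustration; the XML shows only the negotiation, not the TLS handshake itself.

```python
import re

# Matches element tags only; "<?xml ...?>" declarations are skipped.
TAG = re.compile(r"<(/?)([A-Za-z][\w:.-]*)([^<>]*?)(/?)>")

def analyze_stream_log(log):
    """Walk the tags of an interleaved client/server XMPP log in order and
    report whether SASL <auth/> was sent only after STARTTLS was accepted."""
    r = dict(tls_offered=False, tls_required=False, tls_requested=False,
             proceed=False, restart_after_proceed=False, tls_reoffered=False,
             auth_mechanism=None, auth_after_tls=False)
    in_features = in_starttls = False
    for closing, name, attrs, selfclose in TAG.findall(log):
        if name == "stream:features":
            in_features = not closing
        elif name == "stream:stream" and not closing:
            r["restart_after_proceed"] = r["proceed"]
        elif name == "starttls" and in_features:      # server's offer
            in_starttls = not closing and not selfclose
            if not closing:
                key = "tls_reoffered" if r["restart_after_proceed"] else "tls_offered"
                r[key] = True
        elif name == "starttls" and not closing:      # client's request
            r["tls_requested"] = True
        elif name == "required" and in_starttls:
            r["tls_required"] = True
        elif name == "proceed":                       # server accepts
            r["proceed"] = r["tls_requested"]
        elif name == "auth" and not closing:
            m = re.search(r"mechanism=[\"']([^\"']+)", attrs)
            r["auth_mechanism"] = m.group(1) if m else None
            # Needs a restart after <proceed/> and no renewed STARTTLS offer.
            r["auth_after_tls"] = r["restart_after_proceed"] and not r["tls_reoffered"]
    return r

# Constructed sample modelled on the ticket's log (SASL payloads omitted).
TLS_LOG = """<stream:stream xmlns="jabber:client" to="example.com" version="1.0">
<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></stream:features>
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<stream:stream xmlns="jabber:client" to="example.com" version="1.0">
<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></stream:features>
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5" />
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"""
# Constructed counter-example: same offer, but <auth/> follows with no <starttls/> request.
PLAIN_LOG = TLS_LOG.split('<starttls xmlns="')[0] + TLS_LOG.split("</stream:features>")[-1]
```

On the first sample the result has `tls_required`, `proceed` and `auth_after_tls` all true; on the second, `auth_after_tls` is false even though the server marked STARTTLS as required.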