[Pidgin] #3456: TLS handshake error (unexpected length packet) when receiving MSN contact list
Pidgin
trac at pidgin.im
Sat Feb 21 09:34:11 EST 2009
#3456: TLS handshake error (unexpected length packet) when receiving MSN contact list
--------------------------------------+-------------------------------------
  Reporter:  bsdunx                   |          Owner:  khc
      Type:  defect                   |         Status:  new
 Milestone:                           |      Component:  MSN
   Version:  2.2.1                    |     Resolution:
  Keywords:  gnutls tls handshake msn |  Launchpad_bug:
--------------------------------------+-------------------------------------
Comment (by gagern):
OK, attachment:bug3456a.patch solves the MSN issue, no matter what version
of GnuTLS the user has installed. It does so by trying to use the new
`%SSL3_RECORD_VERSION` feature, and if that fails, by disabling TLS 1.1
and above. As future versions of GnuTLS will support
`%SSL3_RECORD_VERSION` and as future server implementations should use the
hello messages to negotiate a common protocol version, there shouldn't be
any harm in having this patch in place even in the far future.

attachment:bug3456b.patch addresses this whole issue with very few
modifications to the code. It tries to enable the `%SSL3_RECORD_VERSION`
flag for all GnuTLS connections, not only the MSN ones, and falls back to
current behaviour if that fails. This means that in order to avoid this
bug here, users not only have to update pidgin, but also their GnuTLS. It
also means that all other protocols will use SSL 3.0 records as well.
While all TLS servers [http://tools.ietf.org/html/rfc2119#section-3
should] accept such connections, there is no guarantee that they actually
do, so there is a chance that this patch will break other protocols. On
the upside, this patch doesn't introduce any new functions into the purple
API.

I would vote to include the first patch as soon as your policy allows.
--
Ticket URL: <http://developer.pidgin.im/ticket/3456#comment:25>
Pidgin <http://pidgin.im>
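
Added example (not part of the ticket or of either patch): a small C parser that reads the two version fields the comment distinguishes, the one in the TLS record header and the one offered inside the ClientHello, so a captured first record can be checked for SSL 3.0 record framing. The function names and the two sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire versions: 0x0300 = SSL 3.0, 0x0301 = TLS 1.0, 0x0302 = TLS 1.1. */
struct hello_versions {
    uint16_t record_version;  /* bytes 1-2 of the 5-byte record header */
    uint16_t client_version;  /* highest version offered in the ClientHello body */
};

/* Constructed samples: 5-byte record header, 4-byte handshake header,
 * client_version, then zero padding standing in for the rest of the hello. */
const uint8_t SAMPLE_SSL3_RECORD[50]  = {22, 3, 0, 0, 45, 1, 0, 0, 41, 3, 2};
const uint8_t SAMPLE_TLS11_RECORD[50] = {22, 3, 2, 0, 45, 1, 0, 0, 41, 3, 2};

/* Returns 0 on success, -1 if buf is truncated or does not start with a
 * complete ClientHello (fragmented hellos are not reassembled here). */
int parse_hello_versions(const uint8_t *buf, size_t len, struct hello_versions *out)
{
    if (len < 5 || buf[0] != 22)            /* ContentType 22 = handshake */
        return -1;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len > len - 5 || rec_len < 6)   /* length field must fit the data */
        return -1;
    const uint8_t *hs = buf + 5;
    size_t hs_len = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    if (hs[0] != 1 || hs_len < 2 || hs_len > rec_len - 4)  /* 1 = client_hello */
        return -1;
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->client_version = (uint16_t)((hs[4] << 8) | hs[5]);
    return 0;
}

/* 1 if the hello travels in an SSL 3.0 record while offering something newer. */
int has_ssl3_record_version(const struct hello_versions *v)
{
    return v->record_version == 0x0300 && v->client_version > 0x0300;
}

int main(void)
{
    struct hello_versions v;
    if (parse_hello_versions(SAMPLE_SSL3_RECORD, sizeof SAMPLE_SSL3_RECORD, &v) == 0)
        printf("record=0x%04x hello=0x%04x ssl3_record=%d\n",
               v.record_version, v.client_version, has_ssl3_record_version(&v));
    return 0;
}
```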