[Pidgin] #3456: TLS handshake error(unexpected length packet) when recieving MSN contact list

Pidgin trac at pidgin.im
Sun Feb 22 04:12:53 EST 2009


#3456: TLS handshake error(unexpected length packet) when recieving MSN contact
list
--------------------------------------+-------------------------------------
 Reporter:  bsdunx                    |           Owner:  khc   
     Type:  defect                    |          Status:  closed
Milestone:  2.5.5                     |       Component:  MSN   
  Version:  2.2.1                     |      Resolution:  fixed 
 Keywords:  gnutls tls handshake msn  |   Launchpad_bug:        
--------------------------------------+-------------------------------------

Comment(by gagern):

 Replying to [comment:26 khc]:
 > For the latter, is that what nss does (and which is why it seems to work
 better at least in this case)?

 Don't think so. As mentioned in comment:17, NSS doesn't support TLS 1.1 at
 all, so even if it sends its highest supported record version, 1.0, that
 will be accepted by the server. Once NSS does support TLS 1.1 we will have
 to see what its default behaviour is then, and whether we need workarounds
 for specific hosts there as well.

 > I'd rather really prefer that our ssl plugins abstract out the backend
 differences instead of having a flag that's useful only in some cases.

 Problem is that hosts might be broken in both directions, which is the
 reason for the GnuTLS default behaviour in the first place. If we have to
 deal with both kinds of broken servers, we need some kind of flag to
 determine what workaround we use, or a rather elaborate automatic fallback
 mechanism.

 > I am going to checkin the second patch, other developers who are more
 well versed in ssl than I am feel free to decide otherwise.

 I'd say test that, see if it works. If any problems turn up in other
 protocols, where the SSL 3.0 record version causes trouble, revert that
 patch and apply the other instead.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/3456#comment:28>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list