[Pidgin] #15510: GTalk connection problem with gnutls 3.1.7

Sun Feb 10 06:43:37 EST 2013

#15510: GTalk connection problem with gnutls 3.1.7
---------------------+--------------------------
 Reporter:  PhobosK  |      Owner:  rekkanoryo
     Type:  defect   |     Status:  new
Milestone:           |  Component:  unclassified
  Version:  2.10.6   |   Keywords:
---------------------+--------------------------
 Case:
 =====
 OS: Gentoo
 Pidgin: 2.10.6 built with gnutls
 GNUTLS: 3.1.7
 GTalk account

 When trying to connect to a GTalk account that previously worked (with
 gnutls 3.1.6), now Pidgin gives error and cannot connect:
 (13:29:51) gnutls: Handshake failed. Error The Diffie-Hellman prime sent
 by the server is not acceptable (not long enough).
 (13:29:51) connection: Connection error on 0x2212eb0 (reason: 5
 description: SSL Handshake Failed)

 According to GNUTLS changelog, there was a change in handling the minimum
 DH bits:
 "The minimum DH bits accepted by a client are now set by the specified
 priority string.
 The current values correspond to the previous defaults (727 bits), except
 for the SECURE128 and SECURE192 strings which increase the minimum to 1248
 and 1776 respectively."

 Google has been notified about the problem, but they may not do anything
 for the fix:
 http://productforums.google.com/forum/#!msg/chat/9YO2RKJoK8w/J1dqCYkd0QkJ

 So should there be a fix released for Pidgin/libpurple that allows
 selection of the option without compromising all the gnutls connections?

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15510>
Pidgin <http://pidgin.im>
Pidgin