[Pidgin] #16262: Connecting to ejabberd that has RC4 disabled: SSL Handshake Failed
Pidgin
trac at pidgin.im
Wed Oct 29 12:44:31 EDT 2014
#16262: Connecting to ejabberd that has RC4 disabled: SSL Handshake Failed
-----------------------+---------------------------
Reporter: asjoegren | Owner: EionRobb
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.9 | Resolution:
Keywords: ssl |
-----------------------+---------------------------
Comment (by asjoegren):
Ok, I did another test - if I use the setup shown here:
https://netfuture.ch/tools/tls-interposer/#default-cipher i.e.:
{{{
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
}}}
then Pidgin can't connect:
{{{
(17:27:17) nss: Handshake failed (-5938)
(17:27:17) connection: Connection error on 0x7f82367ceec0 (reason: 5
description: SSL Handshake Failed)
}}}
but if I remove the ":!RC4", i.e. I use:
{{{
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
}}}
then I _can_ connect (full log attached as debug2.txt) - albeit with RC4
and SHA1:
{{{
(17:23:14) nss: SSL version 3.3 using 128-bit RC4 with 160-bit SHA1 MAC
Server Auth: 4096-bit RSA, Key Exchange: 4096-bit RSA, Compression: NULL
Cipher Suite Name: TLS_RSA_WITH_RC4_128_SHA
}}}
So it seems to me that Pidgin 2.10.10 with libnss3 3.17.2 on Debian
unstable still needs RC4 to connect.
--
Ticket URL: <https://developer.pidgin.im/ticket/16262#comment:8>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list