SSL and Gaim/Pidgin

Edward Rudd erudd at netfor.com
Mon Jul 23 21:37:49 UTC 2007 

ARGH.

Ok..  if I use Pidgin on win32, TLS ssl works fine, if I use psi on
linux, works fine. However, if I use pidgin on linux it does not connect
reliably to djabberd w/ SSL.

The error (running djabberd in debug mode)

** (Pidgin on linux/Fedora 7)
DEBUG DJabberd.Connection.ClientIn             New connection '17' from
192.168.0.73
setting ssl (35245712) fileno to 16
DJabberd::Connection::ClientIn=ARRAY(0x2091c80):  Cipher `(NONE)'
SSL_read 18340: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
SSL Read error: SSL_read 18340: 1 - error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

DEBUG DJabberd.Connection.ClientIn             DISCONNECT: 17

** (Pidgin on win32)
DEBUG DJabberd.Connection.ClientIn             New connection '11' from
192.168.0.102
setting ssl (35043984) fileno to 8
DJabberd::Connection::ClientIn=ARRAY(0x2026500):  Cipher `(NONE)'
INFO  DJabberd.VHost                           Registering
'tbeihold at lan.netfor.com/Home' to connection '11'

** PSI on linux
DEBUG DJabberd.Connection.OldSSLClientIn       New connection '1' from
192.168.0.73
setting ssl (33096192) fileno to 14
DJabberd::Connection::OldSSLClientIn=ARRAY(0x1f65d00):  Cipher `AES256-SHA'
INFO  DJabberd.VHost                           Registering
'erudd at lan.netfor.com/Psi' to connection '1'


PSI uses openssl,
Pidgin on both windows and linux uses mozilla's NSS (version 3.11.4) (it
can use gnutls, however no one seems to compile it using gnutls).
A MDK linux system running nss3 1.5 connects fine (though running gaim
2.0.2beta3.1),

It seems to be an nss issue, but not sure how.  Any ideas on how to
debug this issue?

AGH.. OK. tested a FC7 i386 system and it works there.  Seems to be only
x86_64 linux systems that are affected.  Big bug in NSS?

But if I configure the 64-bit system to force old SSL (5223) AND change
the port to 5223 AND  specify the host to connect to, it connects fine.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erudd.vcf
Type: text/x-vcard
Size: 272 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/djabberd/attachments/20070723/5aad4b9b/erudd-0001.vcf

More information about the Djabberd mailing list