[Pidgin] #15510: GTalk connection problem with gnutls 3.1.7

Pidgin trac at pidgin.im
Sun Feb 10 07:11:30 EST 2013


#15510: GTalk connection problem with gnutls 3.1.7
---------------------+---------------------------
 Reporter:  PhobosK  |       Owner:  rekkanoryo
     Type:  defect   |      Status:  new
Milestone:           |   Component:  unclassified
  Version:  2.10.6   |  Resolution:
 Keywords:           |
---------------------+---------------------------
Description changed by Robby:

Old description:

> Case:
> =====
> OS: Gentoo
> Pidgin: 2.10.6 built with gnutls
> GNUTLS: 3.1.7
> GTalk account
>
> When trying to connect to a GTalk account that previously worked (with
> gnutls 3.1.6), now Pidgin gives an error and cannot connect:
> (13:29:51) gnutls: Handshake failed. Error The Diffie-Hellman prime sent
> by the server is not acceptable (not long enough).
> (13:29:51) connection: Connection error on 0x2212eb0 (reason: 5
> description: SSL Handshake Failed)
>
> According to GNUTLS changelog, there was a change in handling the minimum
> DH bits:
> "The minimum DH bits accepted by a client are now set by the specified
> priority string.
> The current values correspond to the previous defaults (727 bits), except
> for the SECURE128 and SECURE192 strings which increase the minimum to
> 1248 and 1776 respectively."
>
> Google has been notified about the problem, but they may not do anything
> for the fix:
> http://productforums.google.com/forum/#!msg/chat/9YO2RKJoK8w/J1dqCYkd0QkJ
>
> So should there be a fix released for Pidgin/libpurple that allows
> selection of the option without compromising all the gnutls connections?

New description:

 Case:
 =====
 OS: Gentoo
 Pidgin: 2.10.6 built with gnutls
 GNUTLS: 3.1.7
 GTalk account

 When trying to connect to a GTalk account that previously worked (with
 gnutls 3.1.6), now Pidgin gives an error and cannot connect:

 {{{
 (13:29:51) gnutls: Handshake failed. Error The Diffie-Hellman prime sent
 by the server is not acceptable (not long enough).
 (13:29:51) connection: Connection error on 0x2212eb0 (reason: 5
 description: SSL Handshake Failed)
 }}}


 According to GNUTLS changelog, there was a change in handling the minimum
 DH bits:
 >The minimum DH bits accepted by a client are now set by the specified
 priority string.
 >The current values correspond to the previous defaults (727 bits), except
 for the SECURE128 and SECURE192 strings which increase the minimum to 1248
 and 1776 respectively.

 Google has been notified about the problem, but they may not do anything
 for the fix:
 http://productforums.google.com/forum/#!msg/chat/9YO2RKJoK8w/J1dqCYkd0QkJ

 So should there be a fix released for Pidgin/libpurple that allows
 selection of the option without compromising all the gnutls connections?

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15510#comment:1>
Pidgin <http://pidgin.im>
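
Added example, not part of the ticket and not Pidgin or GnuTLS code: a minimal C check that parses the ServerDHParams block of a TLS ServerKeyExchange and compares the bit length of the DH prime with the minimums quoted from the changelog, which is the comparison behind the "not long enough" error. The function names and sample bytes are constructed for illustration; the ticket does not state the size of the prime the GTalk server sent.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Client-side minimum DH prime sizes, as quoted from the GnuTLS changelog above. */
enum { MIN_DEFAULT = 727, MIN_SECURE128 = 1248, MIN_SECURE192 = 1776 };

/* Read one 16-bit length-prefixed opaque field; returns 0 on success. */
static int read_field(const uint8_t **p, size_t *left, const uint8_t **out, size_t *len)
{
    if (*left < 2) return -1;
    *len = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2; *left -= 2;
    if (*len > *left) return -1;            /* declared length runs past the buffer */
    *out = *p; *p += *len; *left -= *len;
    return 0;
}

/* Bit length of dh_p in a TLS ServerDHParams block (dh_p, dh_g, dh_Ys),
 * or -1 if the block is truncated or malformed. */
int dh_prime_bits(const uint8_t *buf, size_t n)
{
    const uint8_t *p_val, *skip; size_t p_len, skip_len;
    if (read_field(&buf, &n, &p_val, &p_len) ||      /* dh_p  */
        read_field(&buf, &n, &skip, &skip_len) ||    /* dh_g  */
        read_field(&buf, &n, &skip, &skip_len))      /* dh_Ys */
        return -1;
    while (p_len && *p_val == 0) { p_val++; p_len--; }   /* strip zero padding */
    if (!p_len) return -1;
    int bits = (int)(p_len * 8);
    for (uint8_t top = *p_val; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* 1 = acceptable, 0 = too short (the failure in the log above), -1 = malformed. */
int dh_prime_acceptable(const uint8_t *buf, size_t n, int min_bits)
{
    int bits = dh_prime_bits(buf, n);
    return bits < 0 ? -1 : bits >= min_bits;
}

/* Constructed sample: ServerDHParams with a p_bytes-long filler value for dh_p
 * (0xC1 repeated, not a real prime), dh_g = 2, dh_Ys = 5. Needs p_bytes + 8 bytes. */
size_t make_sample(uint8_t *out, size_t p_bytes)
{
    out[0] = (uint8_t)(p_bytes >> 8); out[1] = (uint8_t)p_bytes;
    memset(out + 2, 0xC1, p_bytes);
    const uint8_t tail[] = { 0, 1, 2, 0, 1, 5 };
    memcpy(out + 2 + p_bytes, tail, sizeof tail);
    return p_bytes + 2 + sizeof tail;
}
```

A constructed 1024-bit value passes the 727-bit floor but is rejected under the SECURE128 and SECURE192 minimums, so the same server can succeed or fail depending only on the client's priority string.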