Discussion:
Jabberd2: nss: Handshake failed
s***@my-server.km.ua
2016-04-11 07:02:13 UTC
Permalink
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.

In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.

Please help solve the problem.

Best regards, Alexander
Eion Robb
2016-04-11 08:06:41 UTC
Permalink
Hi there,

Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin
to adjust what methods of TLS/SSL encryption you're using to connect to
your server?

If you have and you're still having trouble, are you able to pastebin a
full debug log (from the buddy list, Help->Debug Window), as you connect to
the server and get the SSL handshake error?

Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the
product. The fact that we are trying to make a stand-alone Jabber server.
As a customer of our employees are already using Pidgin. We believe that
this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a
SSL connection error (nss: Handshake failed (-5938)). Unsecured connection
is working properly. We tried to run the latest client and server assembly
2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a
similar error. Also, apply the patch (
https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910).
It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-11 08:27:47 UTC
Permalink
Yes, we tried to use this plug-in, but it did no good. We turned it on, but did not touch the settings.

log (windows xp, pidgin 2.10.12)
(11:22:48) account: Connecting to account ***@myims.pp.ua/home.
(11:22:48) connection: Connecting. gc = 015B9AC8
(11:22:48) dnsquery: Performing DNS lookup for myims.pp.ua
(11:22:48) dnsquery: IP resolved for myims.pp.ua
(11:22:48) proxy: Attempting connection to 23.252.107.2
(11:22:48) proxy: Connecting to myims.pp.ua:5222 with no proxy
(11:22:48) proxy: Connection in progress
(11:22:48) proxy: Connecting to myims.pp.ua:5222.
(11:22:48) proxy: Connected to myims.pp.ua:5222.
(11:22:49) nss: Handshake failed (-12263)
(11:22:49) connection: Connection error on 015B9AC8 (reason: 5 description: SSL-рукопожатие не удалось)
(11:22:49) account: Disconnecting account ***@myims.pp.ua/home (0256D630)
(11:22:49) connection: Disconnecting connection 015B9AC8
(11:22:49) connection: Destroying connection 015B9AC8
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-11 08:32:21 UTC
Permalink
ports to the server are closed. If necessary, we will open. Please let us know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
Eion Robb
2016-04-11 10:24:16 UTC
Permalink
According to
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslerr.html
error -12263 from NSS means:

SSL_ERROR_RX_RECORD_TOO_LONG -12263 "SSL received a record that exceeded
the maximum permissible length."

This generally indicates that the remote peer system has a flawed
implementation of SSL, and is violating the SSL specification.
Post by s***@my-server.km.ua
ports to the server are closed. If necessary, we will open. Please let us
know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in
Pidgin to adjust what methods of TLS/SSL encryption you're using to connect
to your server?
Post by Eion Robb
If you have and you're still having trouble, are you able to pastebin a
full debug log (from the buddy list, Help->Debug Window), as you connect to
the server and get the SSL handshake error?
Post by Eion Robb
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the
product. The fact that we are trying to make a stand-alone Jabber server.
As a customer of our employees are already using Pidgin. We believe that
this is the best client IM. But, unfortunately, there was an error SSL.
Post by Eion Robb
Post by s***@my-server.km.ua
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a
SSL connection error (nss: Handshake failed (-5938)). Unsecured connection
is working properly. We tried to run the latest client and server assembly
2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a
similar error. Also, apply the patch (
https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910).
It also does not solve the problem.
Post by Eion Robb
Post by s***@my-server.km.ua
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-11 10:43:14 UTC
Permalink
Yes, I have seen this information.
I have to really understand why this error occurs, as I successfully connect to a host other tools. It may make sense to debug the library itself and its NSS tools. By the way, try to collect pidgin supporting gnutls also did not give a positive result. Submitting materials:
Loading Image...
Loading Image...
Loading Image...
http://www.titan-machine.pp.ua/ssl_test.txt
SSL_ERROR_RX_RECORD_TOO_LONG -12263 "SSL received a record that exceeded the maximum permissible length."
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.
Post by s***@my-server.km.ua
ports to the server are closed. If necessary, we will open. Please let us know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-11 10:46:59 UTC
Permalink
I also tested the system in a self-signed certificate of different lengths (384 - 4096). It also did not affect the situation.

ps I use googlt translator. It may incorrectly translate. I beg your forgiveness for it.
SSL_ERROR_RX_RECORD_TOO_LONG -12263 "SSL received a record that exceeded the maximum permissible length."
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.
Post by s***@my-server.km.ua
ports to the server are closed. If necessary, we will open. Please let us know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-11 14:52:37 UTC
Permalink
I have tried to connect to the host using the utility from the package NSS ssltap. The program is successfully connected.
I do not quite understand how is it that Pidgin, using for this library can not be connected and the correct tool makes it with no problems.

This is exactly the problem in pidgin.
SSL_ERROR_RX_RECORD_TOO_LONG -12263 "SSL received a record that exceeded the maximum permissible length."
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.
Post by s***@my-server.km.ua
ports to the server are closed. If necessary, we will open. Please let us know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
s***@my-server.km.ua
2016-04-13 04:51:19 UTC
Permalink
Robb, hello.
Old SSL and failed to start, but STARTTLS (5222 TLS) is working very well. This is not exactly what we need, because we use VPN.

I think you need to fix the problem, because it is

Thank you for your time.
SSL_ERROR_RX_RECORD_TOO_LONG -12263 "SSL received a record that exceeded the maximum permissible length."
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.
Post by s***@my-server.km.ua
ports to the server are closed. If necessary, we will open. Please let us know one or more IP addresses.
Post by Eion Robb
Hi there,
Just wondering if you've tried using the "NSS Preferences" plugin in Pidgin to adjust what methods of TLS/SSL encryption you're using to connect to your server?
If you have and you're still having trouble, are you able to pastebin a full debug log (from the buddy list, Help->Debug Window), as you connect to the server and get the SSL handshake error?
Cheers,
Eion
Post by s***@my-server.km.ua
Dear support team, good afternoon. I'm having serious problems with the product. The fact that we are trying to make a stand-alone Jabber server. As a customer of our employees are already using Pidgin. We believe that this is the best client IM. But, unfortunately, there was an error SSL.
In Jabberd2 (2.2.8) is used as a server as a client - 2.6.6. There is a SSL connection error (nss: Handshake failed (-5938)). Unsecured connection is working properly. We tried to run the latest client and server assembly 2.10.11 (nss and gnutls). For jabberd2 - openssl 1.0.1, but we got a similar error. Also, apply the patch (https://github.com/jabberd2/jabberd2/commit/ad9ead7816e23f48d9b46905bcbe17b7b4b6a910). It also does not solve the problem.
Please help solve the problem.
Best regards, Alexander
_______________________________________________
https://pidgin.im/cgi-bin/mailman/listinfo/support
Loading...