Bug 1086668

Summary: Login fails with "Read Error"
Product: [Fedora] Fedora
Reporter: Christian Krause <chkr>
Component: pidgin-sipe
Assignee: Stefan Becker <chemobejk>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: chemobejk
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Last Closed: 2014-04-11 10:09:17 UTC
Type: Bug

Description Christian Krause 2014-04-11 09:32:14 UTC
Description of problem:
Since Fedora 20, the login to Lync fails with the error message "Read Error".

Version-Release number of selected component (if applicable):
purple-sipe-1.18.0-2.fc20.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Try to connect to the Lync server

Actual results:
"Read Error"


Additional info:

From http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

------------------------------
This problem is caused by the NSS security fix for CVE-2011-3389. There is an ongoing discussion how this fix affects SSL connections to various SSL servers. Setting the environment variable NSS_SSL_CBC_RANDOM_IV=0 when running Pidgin fixes the problem:

$ export NSS_SSL_CBC_RANDOM_IV=0
$ pidgin

$ NSS_SSL_CBC_RANDOM_IV=0 pidgin
------------------------------

Setting the environment variable fixes the problem for me. Since that is just a workaround, I'd like to suggest implementing that workaround in the plugin itself.

Otherwise, purple-sipe is not usable out-of-the-box in F20.

Comment 1 Stefan Becker 2014-04-11 10:09:17 UTC
This can't be fixed in the plugin code, because it does not call or control NSS directly.

For the reasoning why the default for NSS_SSL_CBC_RANDOM_IV was changed for F20+ see bug 1020420.

Closing as duplicate.

*** This bug has been marked as a duplicate of bug 770682 ***

Comment 2 Stefan Becker 2014-04-11 10:13:25 UTC
Furthermore you forgot to quote the whole of http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

UPDATE Oct-2013: Fedora 20 (and newer) will no longer disable the NSS BEAST security fix by default as they did in earlier releases. You will have to use the environment variable.