This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 1086668 - Login fails with "Read Error"
Login fails with "Read Error"
Status: CLOSED DUPLICATE of bug 770682
Product: Fedora
Classification: Fedora
Component: pidgin-sipe (Show other bugs)
20
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Stefan Becker
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-11 05:32 EDT by Christian Krause
Modified: 2014-04-11 06:13 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-11 06:09:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Christian Krause 2014-04-11 05:32:14 EDT
Description of problem:
Since Fedora 20, the login to Lync fails with the error message "Read Error".

Version-Release number of selected component (if applicable):
purple-sipe-1.18.0-2.fc20.x86_64

How reproducible:
100%

Steps to Reproduce:
1. try to connect to Lync server

Actual results:
"Read Error"


Additional info:

From http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

------------------------------
This problem is caused by the NSS security fix for CVE-2011-3389. There is an ongoing discussion how this fix affects SSL connections to various SSL servers. Setting the environment variable NSS_SSL_CBC_RANDOM_IV=0 when running Pidgin fixes the problem:

$ export NSS_SSL_CBC_RANDOM_IV=0
$ pidgin

$ NSS_SSL_CBC_RANDOM_IV=0 pidgin
------------------------------

Setting the environment variable fixes the problem for me. Since that is just a workaround, I'd like to suggest to implement that workaround in the plugin itself.

Otherwise, purple-sipe is not usable out-of-the-box in F20.
Comment 1 Stefan Becker 2014-04-11 06:09:17 EDT
This can't be fixed in the plugin code, because it does not call or control NSS directly.

For the reasoning why the default for NSS_SSL_CBC_RANDOM_IV was changed for F20+ see bug 1020420.

Closing as duplicate.

*** This bug has been marked as a duplicate of bug 770682 ***
Comment 2 Stefan Becker 2014-04-11 06:13:25 EDT
Furthermore you forgot to quote the whole of http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

UPDATE Oct-2013: Fedora 20 (and newer) will no longer disable the NSS BEAST security fix by default as they did in earlier releases. You will have to use the environment variable.

Note You need to log in before you can comment on or make changes to this bug.