Bug 1086668 - Login fails with "Read Error"
Summary: Login fails with "Read Error"
Keywords:
Status: CLOSED DUPLICATE of bug 770682
Alias: None
Product: Fedora
Classification: Fedora
Component: pidgin-sipe
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Stefan Becker
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-11 09:32 UTC by Christian Krause
Modified: 2014-04-11 10:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-11 10:09:17 UTC


Attachments (Terms of Use)

Description Christian Krause 2014-04-11 09:32:14 UTC
Description of problem:
Since Fedora 20, the login to Lync fails with the error message "Read Error".

Version-Release number of selected component (if applicable):
purple-sipe-1.18.0-2.fc20.x86_64

How reproducible:
100%

Steps to Reproduce:
1. try to connect to Lync server

Actual results:
"Read Error"


Additional info:

From http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

------------------------------
This problem is caused by the NSS security fix for CVE-2011-3389. There is an ongoing discussion how this fix affects SSL connections to various SSL servers. Setting the environment variable NSS_SSL_CBC_RANDOM_IV=0 when running Pidgin fixes the problem:

$ export NSS_SSL_CBC_RANDOM_IV=0
$ pidgin

$ NSS_SSL_CBC_RANDOM_IV=0 pidgin
------------------------------

Setting the environment variable fixes the problem for me. Since that is just a workaround, I'd like to suggest to implement that workaround in the plugin itself.

Otherwise, purple-sipe is not usable out-of-the-box in F20.

Comment 1 Stefan Becker 2014-04-11 10:09:17 UTC
This can't be fixed in the plugin code, because it does not call or control NSS directly.

For the reasoning why the default for NSS_SSL_CBC_RANDOM_IV was changed for F20+ see bug 1020420.

Closing as duplicate.

*** This bug has been marked as a duplicate of bug 770682 ***

Comment 2 Stefan Becker 2014-04-11 10:13:25 UTC
Furthermore you forgot to quote the whole of http://sourceforge.net/p/sipe/wiki/Frequently%20Asked%20Questions/#after-upgrading-to-nss-3131-or-newerwzxhzdk12wzxhzdk16insert-your-favorite-linux-distribution-herewzxhzdk17-xxxwzxhzdk13windows-pidgin-2107wzxhzdk14mac-os-x-1085-109wzxhzdk15-login-fails-with-read-error :

UPDATE Oct-2013: Fedora 20 (and newer) will no longer disable the NSS BEAST security fix by default as they did in earlier releases. You will have to use the environment variable.


Note You need to log in before you can comment on or make changes to this bug.