Description of problem: After upgrading nss to the latest available in yum (3.19.1), pidgin can no longer connect to XMPP servers over encrypted connections. Any attempt to enable such a connection fails immediately with the message "SSL Handshake failed". This particular server uses a certificate issued by an internal CA, and the internal CA certificate has been added to NSS as a trusted source anchor in /etc/pki/ca-trust/source/anchors. I have strace logs of the failing handshake, but they're not particularly useful since it's all encrypted data. empathy has no problem with the same server, although it also pulls in the nss libraries (as per strace). Downgrading nss back to the previous version (3.18.0) fixes the problem. Anecdotally, pidgin has no such trouble on fedora 22 using nss 3.19.1. The big difference between fedora 20 and fedora 22 is pidgin's own version: 3.10.10 on f20, 3.10.11 on f21. Pidgin's changelog between those versions mentions 3 nss related issues being fixed, so that's probably what makes it work with the new nss. I know f20 is about to fall out of support, but breaking things just before the EOS deadline isn't cool... so it would be quite nice to get it fixed. Version-Release number of selected component (if applicable): pidgin 3.10.10 nss 3.19.1 How reproducible: 100% Steps to Reproduce: 1. update nss to 3.19.1 2. restart pidgin 3. connect to SSL-enabled XMPP server Actual results: "SSL Handshake failed" Expected results: Endless online chatting. Additional info:
http://pkgs.fedoraproject.org/cgit/pidgin.git/commit/?h=f20&id=4f0e8e8644adcc95790bb6a22b0eb89064c8f68a
pidgin-2.10.11-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/pidgin-2.10.11-1.fc20
Please, let me know if the new version solves your issue.
I found this bug report yesterday because I was having this exact issue after updating nss. I installed the packages for the patch and restarted Pidgin, and was able to connect to SSL-encrypted Jabber servers again. Thank you for your quick work on this!
(In reply to Jan Synacek from comment #3) > Please, let me know if the new version solves your issue. Confirmed, pidgin 3.10.11 solves the XMPP SSL negotiation issue when using nss 3.19. Thanks!
Package pidgin-2.10.11-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing pidgin-2.10.11-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10177/pidgin-2.10.11-1.fc20 then log in and leave karma (feedback).
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.