Bug#505103: Cannot connect to Google Talk servers

Sun, 09 Nov 2008 05:31:39 -0800 

Package: tkabber
Version: 0.11.0-2
Severity: important
Tags: patch

Tkabber fails to connect to Google Talk XMPP servers in either of
two possible ways:
1) In STARTTLS mode (either X-GOOGLE-TOKEN or PLAIN or both SASL
   mechanisms allowed) it hangs for about 15 seconds and then
   returns "Handshake failed: connection reset by peer" error.
2) In "Legacy SSL" mode (with PLAIN SASL mechanism allowed, as
   required) it hangs for about 10-15 seconds, reports the
   "SSLv3 read server hello A" SSL progress report in the status
   pane, it then hangs for about 30 seconds after which shows
   the "Handshake failed: connection reset by peer" error.

Investigation turns out that it's actually a problem in the
Google's understanding of the TLS/SSL protocols -- [1].

Anyway, for Tkabber the solution is to remove forced selection of
allowed versions of the TLS/SSL protocols (support for them is
provided by the tcl-tls package which is a wrapper around
libopenssl). The attached patch fixes the problem.

[1] http://logs.jabber.org/[EMAIL PROTECTED]/2008-10-12.html#15:12:36

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tkabber depends on:
ii  bwidget                      1.8.0-3     A set of extension widgets for Tcl
ii  tcl8.4                       8.4.19-2    Tcl (the Tool Command Language) v8
ii  tcl8.5                       8.5.3-2     Tcl (the Tool Command Language) v8
ii  tcllib                       1.10-dfsg-3 the Standard Tcl Library
ii  tk8.4                        8.4.19-2    Tk toolkit for Tcl and X11, v8.4 -
ii  tk8.5                        8.5.3-3     Tk toolkit for Tcl and X11, v8.5 -

Versions of packages tkabber recommends:
ii  libtk-img                1:1.3-release-7 Extended image format support for 
pn  libudp-tcl               <none>          (no description available)
ii  tcl-tls                  1.5.0.dfsg-9    the TLS OpenSSL extension to Tcl

Versions of packages tkabber suggests:
pn  tkabber-plugins               <none>     (no description available)

-- no debconf information

--- jabberlib/transports.tcl.orig       2008-11-09 16:04:09.000000000 +0300
+++ jabberlib/transports.tcl    2008-11-09 16:04:19.000000000 +0300
@@ -348,9 +348,6 @@
 
     eval [list tls::import $sock \
               -command [list client:tls_callback $connid] \
-              -ssl2    false \
-              -ssl3    true \
-              -tls1    true \
               -request true \
               -require false \
               -server  false] $args

Reply via email to