Package: libnss3 Version: 2:3.19.1-2 Severity: important Dear Maintainer,
* What led up to the situation? I'm using the IM-client Pidgin to connect to jabber.xs4all.nl (XMPP). This worked without problems for years. Starting about a month ago I could no longer connect and got an error message "SSL Handshake Failed". The debug window in Pidgin (2.10.11-1) shows: (12:11:26) proxy: Connected to jabber.xs4all.nl:5222. (12:11:26) jabber: Sending (***@jabber.xs4all.nl/Home): <?xml version='1.0' ?> (12:11:26) jabber: Sending (***@jabber.xs4all.nl/Home): <stream:stream to='jabber.xs4all.nl' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'> (12:11:26) jabber: Recv (189): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams"; xmlns="jabber:client" from="jabber.xs4all.nl" id="****" xml:lang="en" version="1.0"> (12:11:26) jabber: Recv (297): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms></stream:features> (12:11:26) jabber: Sending (***@jabber.xs4all.nl/Home): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> (12:11:26) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> (12:11:26) nss: Handshake failed (-12173) That happens when I have libnss3(-1d) 2:3.19.1-2 or 2:3.19.2-1 installed * What exactly did you do (or not do) that was effective (or ineffective)? I downgraded libnss3(-1d) to version 2:3.19-1 * What was the outcome of this action? With libnss 2:3.19-1 works normal, giving the following debug info in Pidgin: [...] (12:18:22) jabber: Sending (***@jabber.xs4all.nl/Home): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> (12:18:22) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> (12:18:22) nss: SSL version 3.1 using 128-bit AES with 160-bit SHA1 MAC Server Auth: 2048-bit RSA, Key Exchange: 768-bit DHE, Compression: NULL Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (12:18:22) nss: subject=CN=*.xs4all.nl,OU=Domain Control Validated - Power Server ID,OU=See www.geotrust.com/resources/cps (c)10,OU=GT59386789,O=*.xs4all.nl,C=NL,serialNumber=jiHNH1-2gSw60JIZI6vLZwxPRwgRSK8x issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US (12:18:22) nss: subject=OU=Equifax Secure Certificate Authority,O=Equifax,C=US issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libnss3 depends on: ii libc6 2.19-18 ii libnspr4 2:4.10.8-2 ii libnspr4-0d 2:4.10.8-2 ii libsqlite3-0 3.8.10.2-1 ii zlib1g 1:1.2.8.dfsg-2+b1 libnss3 recommends no packages. libnss3 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
