FS#68357 : [nss] TLS Handshake fails in Pidgin with nss 3.58

FS#68357 - [nss] TLS Handshake fails in Pidgin with nss 3.58

Attached to Project: Arch Linux
Opened by Iru Dog (mytbk) - Wednesday, 21 October 2020, 05:46 GMT
Last edited by Jan Alexander Steffens (heftig) - Monday, 02 November 2020, 15:42 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Jan Alexander Steffens (heftig)
Architecture	x86_64
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	11 Martin Dratva (raqua) (2020-11-04) carbolymer (carbolymer) (2020-10-30) Excitable Snowball (excitablesnowball) (2020-10-26) Marc Cousin (cousinm) (2020-10-26) Filipe Fernandes (filotek) (2020-10-24) Leslie (leslie.ann) (2020-10-23) Florian H (Sylence) (2020-10-23) Petter Strandh (PetterS) (2020-10-22) Marc Sven Schulte (msschulte) (2020-10-22) Lee Donaghy (deadite66) (2020-10-21) Bernd Amend (ptb) (2020-10-21)
Private	No

Details

Description:

Pidgin fails to do a TLS handshake in IRC and XMPP connections. The debug windows says nss handshake failure. After downgrade to nss 3.57, Pidgin works fine again.

Additional info:
* package: nss 3.58-1, pidgin 2.14.1-3

This task depends upon

Closed by Jan Alexander Steffens (heftig)
Monday, 02 November 2020, 15:42 GMT
Reason for closing: Fixed
Additional comments about closing: nss 3.58-2

Comment by Lee Donaghy (deadite66) - Wednesday, 21 October 2020, 19:04 GMT

confirmed, downgrading to nss 3.57 fixed pidgin access to google talk for me.

Comment by Marc Sven Schulte (msschulte) - Thursday, 22 October 2020, 06:59 GMT

Confirmed. Pidgin debug output:

nss: Handshake failed (-12251)
...

NSS and SSL Error Codes:

SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER -12251 "SSL received a malformed Change Cipher Spec record."

Comment by Marc Sven Schulte (msschulte) - Friday, 23 October 2020, 11:01 GMT

If you don't want to downgrade to NSS 3.57,
another workaround is to limit the TLS/SSL Version to TLS 1.2.
You can do this with the Pidgin Plugin 'NSS Preferences' (nss-prefs.so).

The error is thrown at this point, nss-3.58/nss/lib/ssl/ssl3con.c:

13064 ...... if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
13065 .......... cText->hdr[0] == ssl_ct_change_cipher_spec &&
13066 .......... ss->ssl3.hs.ws != idle_handshake &&
13067 .......... cText->buf->len == 1 &&
13068 .......... cText->buf->buf[0] == change_cipher_spec_choice) {
13069 .......... if (ss->ssl3.hs.allowCcs) {
13070 .............. /* Ignore the first CCS. */
13071 .............. ss->ssl3.hs.allowCcs = PR_FALSE;
13072 ............. return SECSuccess;
13073 .......... }
13074
13075 .......... /* Compatibility mode is not negotiated. */
13076 .......... alert = unexpected_message;
13077 .......... PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
13078 ...... }

But I'm not deep enough into NSS and SSL to know exactly what is causing the problem.

Comment by Michael Eliachevitch (elimik31) - Friday, 23 October 2020, 11:13 GMT

I also stumbled upon this with Bitlbee (bitlbee-libpurple) from the AUR. I only started to try this package this week so for a long time I suspected this error to be a config error of mine. Took some time to find this. So I'm commenting here in case others will search for bitlbee in the bug tracker. In Bitlbee I got messages that the SSL handshake failed and in addition, when I looked at the systemd journal for bitlbee, I got the following cryptic error messages, not sure how they are connected:

```
g_object_unref: assertion 'G_IS_OBJECT (object)' failed
rc_update_cookies: assertion 'headers != NULL' failed
g_strstr_len: assertion 'haystack != NULL' failed
```

Downgrading NSS solved those problems

Comment by loqs (loqs) - Friday, 23 October 2020, 15:19 GMT

Intentional change in NSS [1] for CVE-2020-25648

[1] https://github.com/nss-dev/nss/commit/e10a362f69191506e73bfa31778da45f4c5df482

Edit:
Does applying the attached patch have any effect?

test.patch (0.5 KiB)

Comment by Marc Sven Schulte (msschulte) - Saturday, 24 October 2020, 00:02 GMT

Your test patch works for me.

By the way -> https://bugzilla.mozilla.org/show_bug.cgi?id=1672703

They are working on a patch for NSS (3.58.1).
It seems that Firefox also uses SSL_ENABLE_TLS13_COMPAT_MODE,
so a patch for Pidgin would also be advisable.

Comment by Lee Donaghy (deadite66) - Saturday, 24 October 2020, 06:33 GMT

confirmed, patch works with nss 3.58

Comment by Danny Schneider (schnedan) - Sunday, 25 October 2020, 17:15 GMT

Can confirm bug, have the effect on two different computers,
chatted with the admin of jabber.de to search for the cause,
he tested same pidgin / libpurple versions on some different
distro, which worked for him. Also I tested jabber chat with
thunderbird on my affected computer - works (so its not router,
firewall, whatever)

Comment by loqs (loqs) - Sunday, 25 October 2020, 18:36 GMT

Does the proposed upstream fix work. Attached PKGBUILD.diff applying [1].

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1672703#c10
Edit:
Sorry missed deadite66 had already confirmed it.

PKGBUILD.diff (5.8 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#68357 - [nss] TLS Handshake fails in Pidgin with nss 3.58

Details

Loading...