FS#68357 - [nss] TLS Handshake fails in Pidgin with nss 3.58

Attached to Project: Arch Linux
Opened by Iru Dog (mytbk) - Wednesday, 21 October 2020, 05:46 GMT
Last edited by Jan Alexander Steffens (heftig) - Monday, 02 November 2020, 15:42 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 11
Private No

Details

Description:

Pidgin fails to do a TLS handshake in IRC and XMPP connections. The debug windows says nss handshake failure. After downgrade to nss 3.57, Pidgin works fine again.

Additional info:
* package: nss 3.58-1, pidgin 2.14.1-3
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Monday, 02 November 2020, 15:42 GMT
Reason for closing:  Fixed
Additional comments about closing:  nss 3.58-2
Comment by Lee Donaghy (deadite66) - Wednesday, 21 October 2020, 19:04 GMT
confirmed, downgrading to nss 3.57 fixed pidgin access to google talk for me.
Comment by Marc Sven Schulte (msschulte) - Thursday, 22 October 2020, 06:59 GMT
Confirmed. Pidgin debug output:

nss: Handshake failed (-12251)
...

NSS and SSL Error Codes:

SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER -12251 "SSL received a malformed Change Cipher Spec record."

Comment by Marc Sven Schulte (msschulte) - Friday, 23 October 2020, 11:01 GMT
If you don't want to downgrade to NSS 3.57,
another workaround is to limit the TLS/SSL Version to TLS 1.2.
You can do this with the Pidgin Plugin 'NSS Preferences' (nss-prefs.so).

The error is thrown at this point, nss-3.58/nss/lib/ssl/ssl3con.c:

13064 ...... if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
13065 .......... cText->hdr[0] == ssl_ct_change_cipher_spec &&
13066 .......... ss->ssl3.hs.ws != idle_handshake &&
13067 .......... cText->buf->len == 1 &&
13068 .......... cText->buf->buf[0] == change_cipher_spec_choice) {
13069 .......... if (ss->ssl3.hs.allowCcs) {
13070 .............. /* Ignore the first CCS. */
13071 .............. ss->ssl3.hs.allowCcs = PR_FALSE;
13072 ............. return SECSuccess;
13073 .......... }
13074
13075 .......... /* Compatibility mode is not negotiated. */
13076 .......... alert = unexpected_message;
13077 .......... PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
13078 ...... }

But I'm not deep enough into NSS and SSL to know exactly what is causing the problem.
Comment by Michael Eliachevitch (elimik31) - Friday, 23 October 2020, 11:13 GMT
I also stumbled upon this with Bitlbee (bitlbee-libpurple) from the AUR. I only started to try this package this week so for a long time I suspected this error to be a config error of mine. Took some time to find this. So I'm commenting here in case others will search for bitlbee in the bug tracker. In Bitlbee I got messages that the SSL handshake failed and in addition, when I looked at the systemd journal for bitlbee, I got the following cryptic error messages, not sure how they are connected:

```
g_object_unref: assertion 'G_IS_OBJECT (object)' failed
rc_update_cookies: assertion 'headers != NULL' failed
g_strstr_len: assertion 'haystack != NULL' failed
```

Downgrading NSS solved those problems
Comment by loqs (loqs) - Friday, 23 October 2020, 15:19 GMT
Intentional change in NSS [1] for CVE-2020-25648

[1] https://github.com/nss-dev/nss/commit/e10a362f69191506e73bfa31778da45f4c5df482

Edit:
Does applying the attached patch have any effect?
Comment by Marc Sven Schulte (msschulte) - Saturday, 24 October 2020, 00:02 GMT
Your test patch works for me.

By the way -> https://bugzilla.mozilla.org/show_bug.cgi?id=1672703

They are working on a patch for NSS (3.58.1).
It seems that Firefox also uses SSL_ENABLE_TLS13_COMPAT_MODE,
so a patch for Pidgin would also be advisable.
Comment by Lee Donaghy (deadite66) - Saturday, 24 October 2020, 06:33 GMT
confirmed, patch works with nss 3.58
Comment by Danny Schneider (schnedan) - Sunday, 25 October 2020, 17:15 GMT
Can confirm bug, have the effect on two different computers,
chatted with the admin of jabber.de to search for the cause,
he tested same pidgin / libpurple versions on some different
distro, which worked for him. Also I tested jabber chat with
thunderbird on my affected computer - works (so its not router,
firewall, whatever)
Comment by loqs (loqs) - Sunday, 25 October 2020, 18:36 GMT
Does the proposed upstream fix work. Attached PKGBUILD.diff applying [1].

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1672703#c10
Edit:
Sorry missed deadite66 had already confirmed it.

Loading...