Facebook again with the SSL Handshake Failed

[RodMyers]

FreeBSD 12.0
Pidgin Pidgin 2.12.0 (libpurple 2.12.0

Just started with the SSL Handshake Failed

Attached is a (hopefully) sanitised log file with only facebook enabled during startup

rdmyers.42@gmail.pidgin.log

[dequis]

This sounds like #404 but applied to the first connection instead of the others.

Update to pidgin/libpurple 2.13 to fix this, or see the other ticket for workarounds

[RodMyers]

as soon as libpurple gets gets ported to FreeBSD, I will

[flynd]

I got the same problem this morning and I can confirm that after upgrading to pidgin/libpurple 2.13.0 it now works fine again.

[RodMyers]

very cool. I guess I wait for it to it the FreeBSD ports tree.

Then I'll close this

[dequis]

Reopening this for visibility.

The solutions, either:

• Upgrade to pidgin/libpurple 2.13.0
• Or, workaround for 2.12.0 and older: Tools -> plugins -> nss preferences, set maximum version to tls 1.2 instead of 1.3

[gaetanquentin]

switched to tls 1.2 on ubuntu bionic. works fine.

[virgoparna]

After changing nss preferences I needed to disable account and then re-enable. Just reconnect did not work. And that workaround is relevant to Windows users, because Windows version is still on 2.12.

[dequis]

Huh that's interesting because as far as I know, the NSS distributed with windows pidgin doesn't support TLS 1.3 at all, so windows users shouldn't be affected.

Did you actually have this issue in windows or was that a guess?

[virgoparna]

I guess it would be a guess. Only error I got was cannot connect. Disabling and enabling account did not help. Started checking issues and when I enabled NSS Preferences plugin both minimum and maximum version were SSL 3. Changed maximum version to TLS 1.2 (no 1.3). And after that it connected. So i thought it is related issue.

[dequis]

Ah, yeah, SSL 3 is the oldest option and it's insecure, it's good that facebook stopped supporting it (and i'm surprised it lasted this long). Your issue was the NSS preferences plugin itself, basically (it saves its settings to the prefs file, so it probably applied that even when disabled)

[migdal-or]

I never used the NSS preferences plugin, but today, after 2 weeks of facebook unavailability "SSL Handshake Failed", I found it, enabled, changed maximum TLS version from 1.0 to 1.2 and - whoa! - finally managed to log in! My OS is Debian Linux 9.

[pierrepierrepierre]

Here same problem on Linux Mint 19,
same solution with option > plugin > Nss preferences > Maximum version = TLS 1.2
thanks !

[petermolnar]

I've never had this error up until today. Tried everything - NSS plugin, recompiling, updating libpurple -, nothing seems to be working.
Worth mentioning that I really need the work chat branch, which complicates things.

[migdal-or]

petermolnar, this plugin works for me now. Are you positively sure that you tried option > plugin > Nss preferences > Maximum version = TLS 1.2 ?

[petermolnar]

@migdal-or I got it working, had to get rid of gntls in pidgin. See #410 (comment)

[ostaszewskik]

* Or, workaround for 2.12.0 and older: Tools -> plugins -> nss preferences, set maximum version to tls 1.2 instead of 1.3

I confirm this solution works on Ubuntu 18.04 with pidgin 2.12 and purple-facebook 20190113-0.9.6-0250907-166. In addition to bumping TLS version I also enabled different ciphers.