Open EionRobb opened 5 years ago
Original comment by Austin Riba (Bitbucket: Fingel, GitHub: Fingel).
I can confirm this, I'm seeing the same behavior. After trying resetting the account password to "" and redoing the Oauth step, no success. It did seem to randomly work once in the last 2 days I've tried but failed again quickly with "Invalid response".
Original comment by Eion Robb (Bitbucket: EionRobb, GitHub: EionRobb).
The important part from that debug log is: "nss: Handshake failed (-12286)" Which according to https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html means
SSL_ERROR_NO_CYPHER_OVERLAP -12286 "Cannot communicate securely with peer: no common encryption algorithm(s)."
The local and remote systems share no cipher suites in common. This can be due to a misconfiguration at either end. It can be due to a server being misconfigured to use a non-RSA certificate with the RSA key exchange algorithm.
To resolve, you'll need to use the NSS Preferences plugin (in Tools->Plugins) to enable the right ciphers, which should be at least one of the green ones in the list from https://www.ssllabs.com/ssltest/analyze.html?d=www.googleapis.com
Original comment by Eion Robb (Bitbucket: EionRobb, GitHub: EionRobb).
Is https://packages.debian.org/sid/libpurple-bin not usable? Also, you could compile libpurple yourself
Original report by Anonymous.
I run the hangouts plugin on a couple of my machines. One of them started to fail in the last week or so with "Invalid Response." I tried refreshing my OAUTH key, but that made no difference.
I checked the debug log, and see this:
My hunch is that it is related to an openssl / Google certificate issue. I've been having SSL problems on other machines related to Gmail. In particular: https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html. Google has been presenting self-signed certificates named "invalid2.invalid" or something when clients don't use SNI. I've run into that with claws-mail and the regular jabber pidgin accounts. I might be wrong on some of the details there.
Anyway, the handshake failure and knowing that some apps are having issues with SSL and Google might be connected. I poked around the codebase and saw a few Google pem files. Perhaps the library is seeing the self-signed cert, not being able to match it to any existing files, and flipping out?