NSS handshake fails

[mfauvain]

Hi, I cannot connect to my rocket.chat server with the following message

(16:57:07) GLib: g_strstr_len: assertion 'haystack != NULL' failed
(16:57:07) connection: Connection error on 0x564928c5eb80 (reason: 0 description: Connection error: Unable to connect to XX.XX.XX.XX: SSL Handshake Failed.)
(16:57:07) nss: Handshake failed  (-5938)```

Can you pls help?

[EionRobb]

So error 5938 from NSS means the server killed the connection during the SSL handshake

That can happen if you're trying to connect to the server with a version of TLS that it rejects or with ciphers that the server doesn't like. You might need to use the NSS Preferences plugin (in Tools->Plugins) to increase your max TLS version or to tweak the ciphers to match your server

In recent-ish versions of Pidgin, the defaults were changed to better match what Firefox uses (which is where the NSS ssl plugin comes from) - are you running a recent-ish version of Pidgin? :)

[mfauvain]

Hi, thx for quick answer. I have Pidgin 2.14.7 (libpurple 2.14.7) which I believe quite recent. I tried the nss prefs plugins and ticked all available Ciphers with minimum version 1.0 and max 1.3..

[EionRobb]

Ticking all the ciphers might not be the best idea - lots of those are either out of date or insecure

You might want to try plugging the address of the server into https://www.ssllabs.com/ssltest/ and see if it tells you what ciphers might work best?

Alternatively, if you're willing to share the address of the server (either here publically, or emailed to my github username at gmail) then I can have a look at it for you and give a suggestion?

[mfauvain]

ok, looks like issue is on my side and I need to work on my SSL setup... will revert once done. thx

[mfauvain]

Hi, I managed to sort the SSL issue. It does connect, but now loop into DNS issue

(16:59:00) dnsquery: Performing DNS lookup for X.X.X.X/chat
(16:59:00) dns: Created new DNS child 30906, there are now -247 children.
(16:59:00) dns: Successfully sent DNS request to child 30906
(16:59:00) dns: Got response for 'X.X.X.X/chat'
(16:59:00) dnsquery: Error resolving X.X.X.X/chat:
Name or service not known
(16:59:00) proxy: Connection attempt failed: Error resolving X.X.X.X/chat:
Name or service not known

The rocket.chat server is hosted on a local server and I intend to use it as internal local network chat. Is this plugin only working with external server with DNS entry?

[EionRobb]

Ah, if it's in a subfolder, you'll need to put the /chat part into the Advanced tab of the account settings, for the Server Path, and just keep the X.X.X.X domain portion of it in the 'Server' setting on the Basic tab