← Back to team overview

desktop-packages team mailing list archive

[Bug 1381484] Re: Fails to connect to servers that disable SSLv3

 

This bug was fixed in the package xchat-gnome -
1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.1

---------------
xchat-gnome (1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.1) trusty; urgency=medium

  * Don't force the use of SSLv3 (LP: #1381484)
    - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so
      the best method gets automatically negotiated in src/common/ssl.c.
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Mon, 20 Oct 2014 10:30:21 -0400

** Changed in: xchat-gnome (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** Changed in: xchat (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xchat-gnome in Ubuntu.
https://bugs.launchpad.net/bugs/1381484

Title:
  Fails to connect to servers that disable SSLv3

Status in GNOME frontend to the popular xchat IRC client:
  New
Status in “xchat” package in Ubuntu:
  Fix Released
Status in “xchat-gnome” package in Ubuntu:
  Fix Released
Status in “xchat” source package in Precise:
  Fix Released
Status in “xchat-gnome” source package in Precise:
  In Progress
Status in “xchat” source package in Trusty:
  Fix Released
Status in “xchat-gnome” source package in Trusty:
  Fix Released
Status in “xchat” source package in Utopic:
  Fix Released
Status in “xchat-gnome” source package in Utopic:
  Fix Released
Status in “xchat-gnome” package in Debian:
  New

Bug description:
  SRU REQUEST:

  [Impact]

  Xchat-Gnome (and xchat) for the use of SSLv3. Since the Poodle attack
  on SSLv3, many servers are now disabling the use of SSLv3, making
  xchat-gnome unsable to connect successfully.

  [Test Case]

  Install xchat-gnome and connect to an irc server that no longer offers
  SSLv3.

  [Regression Potential]

  This update may possibly introduce compatibility issues with sites
  that don't properly handle TLSv1.2 negotiations. While such sites
  existed in the past, they aren't likely to be common at the present
  time. Unfortunately, there is no ultimate solution that would be
  compatible with both scenarios.

  
  Original report:

  slack.com is a chat service with optional IRC integration.  Since
  today I can no longer connect to their IRC gateway using XChat-GNOME.
  The error is:

  > * Nepavyko prisijungti. Klaida: (336130315) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
  > Ar tai tikrai SSL šifravimą palaikantis serveris ir prievadas?

  which, translated from lt_LT, means

  > * Cannot connect.  Error: (336130315) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
  > Does the server/port really support SSL?

  I think this is part of the fallout of CVE-2014-3566 (aka POODLE).
  XChat-GNOME is trying to use the insecure SSL protocol version 3, and
  Slack, reasonably enough, rejects that.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: xchat-gnome 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12
  ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
  Uname: Linux 3.13.0-37-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Wed Oct 15 14:50:57 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2012-07-25 (811 days ago)
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  SourcePackage: xchat-gnome
  UpgradeStatus: Upgraded to trusty on 2014-04-18 (180 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/xchat-gnome/+bug/1381484/+subscriptions


References