Need info to debug issue with ISP

Paul Aurich darkrain42 at pidgin.im
Wed Dec 16 18:17:49 EST 2009


On Dec 16, 2009, at 08:21, Moshe Cohen wrote:
> 
> Below is the output that repeats itself in a loop.
> This is clearly an issue with my ISP, not a Pidgin bug. It occurs everyday at specific hours. 
> I'm just trying to get a handle at what is wrong , because I acn't communicate with them at the "Pidgin level".
> 
> (18:15:25) proxy: Connecting to talk.google.com:5222 with no proxy
> (18:15:25) proxy: Connection in progress
> (18:15:31) proxy: Connecting to talk.google.com:5222.
> (18:15:31) proxy: Connected to talk.google.com:5222.
> (18:15:31) jabber: Sending (moshec at gmail.com/Home): <?xml version='1.0' ?>
> (18:15:31) jabber: Sending (moshec at gmail.com/Home): <stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
> (18:15:42) jabber: Recv (138): <stream:stream from="gmail.com" id="76279C9C7F14F024" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
> (18:15:45) msn: C: NS 000: PNG
> (18:15:46) msn: S: NS 000: QNG 49
> (18:15:48) jabber: Recv (210): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism></mechanisms></stream:features>
> (18:15:48) jabber: Sending (moshec at gmail.com/Home): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
> (18:15:53) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
> (18:15:57) nss: Handshake failed (-5938)
> (18:15:57) connection: Connection error on 050BEC90 (reason: 5 description: SSL Handshake Failed)
> (18:15:57) account: Disconnecting account moshec at gmail.com/Home (023435D8)
> (18:15:57) connection: Disconnecting connection 050BEC90
> (18:15:57) connection: Destroying connection 050BEC90

It looks like they (or something) may be interfering with SSL/TLS packets (the initial handshake, which is what is failing here, is when the two ends establish a secure connection).  This *may* be an attempt to block encrypted file sharing (BitTorrent can use SSL encryption, I believe).

Anyway, to emulate what the Google Talk client does (and should probably work with your ISP), set the Connect Port to 443 and check 'Force old (port 5223) SSL'.  This likely continues to work because the ISP doesn't want to block HTTPS (HTTP over SSL), which typically uses port 443.

~Paul


More information about the Support mailing list