Menu
▾
▴
1 Attachments
#249 Adium 1.5.10.: Sipe plugin 1.18.1 can't login to Office 365
Sipe plugin 1.18.1 doesn't login to Office 365 using Adium 1.5.10.
This is new behavior from the Adium update; 1.5.9 works with 1.18.1.
System OS: Mac OS X 10.9.3
Related
Bugs: #250
Bugs: #251
Bugs: #252
Bugs: #253
Bugs: #254
Bugs: #266
Your log shows that your Lync service is not accepting SSL connections with BEAST mitigation (CVE-2011-3389):
See also Adium Ticket #16650 and SIPE Bug #216.
Your log does not show that SSL BEAST mitigation workaround in Adium CDSA module has been activated. This can either mean that you have not selected that feature in the SIPE account settings or that Adium folks have decided not to include/forgotten to include the SSL BEAST mitigation workaround in the CDSA plugin for 1.5.10. If it is the latter then please file a bug with Adium.
Closing as INVALID.
Last edit: Stefan Becker 2014-05-20
Please ensure that the "Disable BEAST mitigations" checkbox is checked on the "Options" tab of your Account preferences.
Due to the BEAST mitigations that are now enabled in 10.9 and 10.8.5+, you need to disable them when connecting to some OCS/Lync servers.
SIPEAdiumPlugin maintainer has verified that SSL BEAST mitigation workaround is included in the Adium 1.5.10 release binary. So the only reason can be that for some unknown reason the SSL BEAST mitigation setting got lost from your account settings. Please re-enable it.
Adium 1.5.10 is broken. They reverted a change from Adium 1.5.7 that fixed SSL read errors for SIPE in certain situations. Now that problem is back again :-(
The Adium bug ticket for this issue is #16356.
FYI: Adium bug tracker has now a new ticket #16773
I have an idea how this problem can be fixed in the Adium source code, but I'll need to verify it first.
Status update:
The revert for Adium #16356 was actually correct. Unfortunately the original fix was hiding the real root cause. SSL for SIPE connections does actually work, but not for one of them: login.microsoft.com.
It looks like that server has the same issue as is being discussed for Yahoo servers (Adium #16678 and Pidgin #16172): the Microsoft server does not send a TLS close_notify alert before closing the connection. Mac OS X CDSA considers this an error and aborts the SSL connection (error code 9806). Unfortunately it doesn't first deliver the already received data upwards, so SIPE doesn't get a chance to complete the response processing.
I currently have no idea if it is possible to disable the close_notify check in CDSA.
I've come up with a proposal to the Adium project how to implement a workaround for this problem that can then be enabled explicitly by protocol plugins.
Last edit: Stefan Becker 2014-05-24
Adium has pushed a fix in https://hg.adium.im/adium/rev/e9b20f65795c.
There's a nightly build at http://nightly.adium.im/adium-adium-1.5.11/Adium_1.5.11hgr5877.dmg that includes this fix.
While the submitted fix sounds logical, it fails to fix the problem :-( I've therefore updated my fix proposal. I have removed the requirement to set an option from the plugin.
There's a new fix, which hopefully does work, committed in https://hg.adium.im/adium/rev/5a28350c3d.
A new nightly is available: http://nightly.adium.im/adium-adium-1.5.11/Adium_1.5.11hgr5881.dmg.
I can confirm that the problem is solved with the latest change. Thanks.
I'll update the FAQ.