After some modifications to the accepted cyphers on TLS negotiation on Skype for Business (former Lync or Office Communicator) by Microsoft, pidgin-sipe plugin is unable to authenticate to a Microsoft Skype for Business server A patch has been issued upstream, unfortunately I'm unable right now to install all the dependencies to rebuild the package and test it by myself. This is the thread post in which the backward compatible patch has been announced: http://sourceforge.net/p/sipe/bugs/285/?limit=25&page=1#a385 And this is the patch url: http://sourceforge.net/p/sipe/bugs/_discuss/thread/1fd86f04/a385/attachment/0001-Fix-285-backport-for-1.18.x-1.19.x.patch Maybe the package maintainer has all the required infrastructure to rebuild the patch. I can then test it for both architectures (i586 and x86_64).
Neither pidgin-sipe nor pidgin have official maintainers, so CC'ing packagers who already did some work on either packages.
Keywords: (none) => PATCHCC: (none) => fundawang, geiger.david68210, jani.valimaa, luigiwalser, mageia, shlomifSource RPM: (none) => pidgin-sipe
Thanks for your report Giuseppe Merigo :) Now fixed for mga5 Core/Updates_testing with upstream patch. I'll do an update for Cauldron too with latest 1.20.0 version.
Thank you David, I'm enabling testing to see if works, I'll report as soon as I'm able.
I've installed pidgin-sipe-1.18.3-4.1.mga5.i586.rpm from core/updates i586 but I've the same problem as before. Maybe I have to tinker with the settings.
The same for the x86_64 version. I'll report back when I find which settings need to be applied (e.g. the correct user agent seems to be a requirement).
Assignee: bugsquad => geiger.david68210
Unfortunately I'm still unable to login. I tracked the issue to a permission denied on an http certificate request to my user on the Skype for Business server and requested assistance from its admins, but I think it will be a long time since there's no official support to Pidgin in my organization. So I'll probably be unable to verify these updated packages for a long time.
So, as there is no more reporter and no more test for this update for some months now I'll close this bug as a WONTFIX. Could a sysadmin nuke from Core/Updates_testing repo the following packages, please? - pidgin-sipe-1.18.3-4.1.mga5.i586.rpm - pidgin-sipe-1.18.3-4.1.mga5.x86_64.rpm from srpm: - pidgin-sipe-1.18.3-4.1.mga5.src.rpm
CC'ing the sysadmins. See the request in Comment 7 to remove pidgin-sipe from updates_testing. Thanks.
CC: (none) => sysadmin-bugs
Could you please wait until tomorrow? We had an upgrade this week and I would like to try again. Of course I already have the packages but if I could test against the new configuration it could be worth trying. I will check tonight with the 64 bit version and tomorrow with the 32bit one.
On a 64 bit system you can use these parameters to log in on skyper for business: Server/Port: sipdir.online.lync.com:443 Connection type: Auto User Agent: UCCAPI/4.0.7577.314 OC/4.0.7577.314 (Microsoft Lync 2010) Auth. Scheme: TLS-DSK I've been able to test only login and messaging but I don't remember if something else worked, it's just good enough for me. Tomorrow I can test the 32 bit system.
Thanks Giuseppe. David, please assign to QA with an advisory.
Whiteboard: (none) => MGA5-64-OK
Assigning to QA, Advisory: ============================= Microsoft seems to be rolling out a server configuration change that disables RC4 stream cipher support in SChannel (== Windows crypto implementation). Therefore (some) Office365 servers no longer accept the SIPE ClientHello message in the TLS-DSK handshake. The server responds without sending any TLS-DSK GSSAPI data back, i.e. sipe-tls is called with an empty TLS record. Depending on the authentication settings the end user sees one of the following error messages: o Failed to authenticate to server o Incompatible authentication scheme chosen We need to add (at least) AES-128/256-CBC stream cipher support in SIPE. This update fix this issue applying the upstream patch. ============================= Packages in 5/core/updates_testing: ======================== pidgin-sipe-1.18.3-4.1.mga5.i586.rpm pidgin-sipe-1.18.3-4.1.mga5.x86_64.rpm Source RPM: ======================== pidgin-sipe-1.18.3-4.1.mga5.src.rpm
Assignee: geiger.david68210 => qa-bugs
I confirm the 32 bit version working too.
Thanks again Giuseppe. Validating this now. Please push to core/updates. Thanks.
Keywords: PATCH => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
Advisory uploaded.
Whiteboard: MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGAA-2016-0039.html
Status: NEW => RESOLVEDResolution: (none) => FIXED