Pidgin-sipe connection error after upgrade to Ubuntu 12.04

Reported by tvicol on 2012-03-09
This bug affects 64 people
Affects Status Importance Assigned to Milestone
pidgin (Ubuntu)
pidgin-sipe (Debian)
Fix Released

Bug Description

Have upgraded from Ubuntu 11.10 to Ubuntu 12.04 and I'm no longer able to connect to Microsoft Office Communicator.
Every time I try to reconnect I get a "Read error".

Any support is appreciated.


tvicol (tiberiu-vicol) wrote :

Ref https://bugs.launchpad.net/ubuntu/+source/pidgin-sipe/+bug/947920
Setting NSS_SSL_CBC_RANDOM_IV=0 didn´t work for me.

Here is a copy from debug screen with above environment variable set.

(10:51:58) account: Connecting to account xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
(10:51:58) connection: Connecting. gc = 0x220f2d38
(10:51:58) dnsquery: Performing DNS lookup for xxxxxxxxxxxxxxxxxxxxxxxxxx
(10:51:58) dns: Wait for DNS child 2366 failed: No child processes
(10:51:58) dns: Created new DNS child 2368, there are now 1 children.
(10:51:58) dns: Successfully sent DNS request to child 2368
(10:51:58) dns: Got response for 'xxxxxxxxxxxxxxxxxxxxxxxx'
(10:51:58) dnsquery: IP resolved for xxxxxxxxxxxxxxxxxxxxxxxx
(10:51:58) proxy: Attempting connection to xxxxxxxxxxx
(10:51:58) proxy: Connecting to xxxxxxxxxxxxxxxx:5061 with no proxy
(10:51:58) proxy: Connection in progress
(10:51:59) proxy: Connecting to xxxxxxxxxxxxxxxx:5061.
(10:51:59) proxy: Connected to xxxxxxxxxxxxxxxxxx:5061.
(10:51:59) nss: subject=CN=xxxxxxxxxxxxxxxxxxxx,OU=xx,O=xx,L=PARIS,ST=ILE DE FRANCE,C=FR issuer=CN=xxxxxxxxxxxxxxxx CA 1-2,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=xxxxxxxxx SA,C=FR
(10:51:59) nss: partial certificate chain
(10:51:59) certificate/x509/tls_cached: Starting verify for xxxxxxxxxxxxxxxxxx
(10:51:59) certificate/x509/tls_cached: Checking for cached cert...
(10:51:59) certificate/x509/tls_cached: ...Found cached cert
(10:51:59) nss/x509: Loading certificate from /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxx
(10:51:59) certificate/x509/tls_cached: Peer cert matched cached
(10:51:59) nss/x509: Exporting certificate to /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxxxx
(10:51:59) util: Writing file /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxxxxxx
(10:51:59) certificate: Successfully verified certificate for xxxxxxxxxxxxxxxxx
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) connection: Connection error on 0x220f2d38 (reason: 0 description: Read error)
(10:51:59) account: Disconnecting account xxxxxxxxxxxxxxxxxxx,ad.xxxxxxxxxxxxxxxxxxx\xxxxxxxxxx (0x21abd538)
(10:51:59) connection: Disconnecting connection 0x220f2d38
(10:51:59) GLib: g_hash_table_destroy: assertion `hash_table != NULL' failed
(10:51:59) connection: Destroying connection 0x220f2d38
(10:52:04) util: Writing file accounts.xml to directory /home/xxxx/.purple
(10:52:04) util: Writing file /home/xxxx/.purple/accounts.xml

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pidgin (Ubuntu):
status: New → Confirmed
Jari Salo (jari-salo) wrote :


You can make a workaround by exporting this before starting pidgin:

tvicol (tiberiu-vicol) wrote :

As I said above

Setting NSS_SSL_CBC_RANDOM_IV=0 didn´t work for me.

Jari Salo (jari-salo) wrote :

Sorry, missed that. That workaround isn't working for me anymore either.

sacapeao (sacapeao) wrote :

export NSS_SSL_CBC_RANDOM_IV=0 worked
for it to take effect open a terminal window then
$ pidgin

tvicol (tiberiu-vicol) wrote :

Many thanks, sacapeao !
Now I got it working.

Does anyone know when we´ll have a permanent fix ?

Jari Salo (jari-salo) wrote :

I had wrong server address on the second time I tried to use this workaround. I can confirm that the workaround is (still) working.

thefuzz4 (jason-hamilton) wrote :

I also can verify that the work around as stated above does work. Thank you sacapeao

Brian (brian-battaglia) wrote :

While using this fix, my status message is always set to "./t". If I remove it, it seems to come back. This could be related to another bug, but it started when I started using this fix.

MBybee (mike-bybee) wrote :

Doesn't seem to work when empathy is using the pidgin-sipe plugin. I'll try installing all of pidgin and see if it works.

MBybee (mike-bybee) wrote :

Confirmed - if I install pidgin and run the fix it works. Empathy (using the pidgin-sipe plugin) with the fix doesn't.
Yet another strike for Empathy.

Titantux (israel-m-dj) wrote :

It works the workaround for me too!!
Thanks !!

Sebastiaan Renkens (srenkens) wrote :

I too confirm Empathy is not working while pidgin does (if the workaround is in place).

Sebastiaan Renkens (srenkens) wrote :

Just found out that setting ¨NSS_SSL_CBC_RANDOM_IV=0" in /etc/environment and rebooting does the trick. My Empathy connected to Microsoft Communications Server is working again.

I'am not sure how much of a security impact this change has though, setting the var in /etc/environment makes it system wide one.

sergio (serge-simon) wrote :

The export NSS_SSL_CBC_RANDOM_IV=0 worked for me too, thanks for the tip.

MBybee (mike-bybee) wrote :

That works for me on empathy too.
Man, going from pidgin to empathy really makes me miss pidgin. Dang.

Christopher Knörle (cknoerle) wrote :

For me the setting ¨NSS_SSL_CBC_RANDOM_IV=0" in /etc/environment and rebooting did not help for both empathy and pidging.

Lars Magnus Herland (zhakal) wrote :

Neither of the suggested settings work for me :(

NSS_SSL_CBC_RANDOM_IV=0 worked for me too.

Clayton (cletusw) wrote :

export NSS_SSL_CBC_RANDOM_IV=0 worked for me too.

Clayton (cletusw) wrote :

Note that for Ubuntu (at least for 12.04), you can add the line


to ~/.pam_environment and it'll work as well.

pbuzas (peter-buzas) wrote :

The workarounds emntioned in post #6 and post #22 seems to fix Pidgin for me as well, however I could not get Empathy to work.

Goofy (nilay-badavne) wrote :

The workaround in post #6 works. But I don't have ~/.pam_environment. Do we need to create this file?

pbuzas (peter-buzas) wrote :

Yes, I had to create the file as well.

Goofy (nilay-badavne) wrote :

I have created the "~/.pam_environment" and put NSS_SSL_CBC_RANDOM_IV=0.
Pidgin will now connect with the office communicator.
But it seems to be plagued with a new issue. It connects and immediately disconnects.

Roger Preece (rwpreece) wrote :

If you create a text file in /etc/profile.d folder and call it something like my_environment.sh you can put you personalized environment variables in it and it will be run each time you login to your desktop environment. Whatever you decide to name it be sure it's file extension is .sh so that it will be recognized as a script file.

For this particular issue you would add the following line to your .sh file:


Once your added this file and the above line to this file, just reboot your system.

You can also put other environment variables in this file such as:

export JAVA_HOME=/home/xxxxxx/tools/jdk1.6.0_29

Note that the PATH= environment variable is using other environment variables to augment your systems PATH environment variable.

Dmitry Veltishev (vdmit) wrote :

workaround 'export NSS_SSL_CBC_RANDOM_IV=0' works indeed, thanks a lot!

Dragonfist (kunal-narkhede) wrote :
Download full text (13.8 KiB)

I have similiar error in pidgin and I am not able to connect to ocs server through pidgin sipe. I have set the env variable in /etc/environment, did export too..I tried in empathy and pidgin both..Its not working for me.. Following is the pidgin debug log for me...
(10:34:06) prefs: Reading /home/mitza/.purple/prefs.xml
(10:34:06) prefs: Finished reading /home/mitza/.purple/prefs.xml
(10:34:06) prefs: purple_prefs_get_path: Unknown pref /pidgin/browsers/command
(10:34:06) dbus: okkk
(10:34:06) plugins: probing /usr/lib/pidgin/gestures.so
(10:34:06) plugins: probing /usr/lib/pidgin/xmppdisco.so
(10:34:06) plugins: probing /usr/lib/pidgin/timestamp_format.so
(10:34:06) plugins: probing /usr/lib/pidgin/extplacement.so
(10:34:06) plugins: probing /usr/lib/pidgin/spellchk.so
(10:34:06) plugins: probing /usr/lib/pidgin/iconaway.so
(10:34:06) plugins: probing /usr/lib/pidgin/history.so
(10:34:06) plugins: probing /usr/lib/pidgin/musicmessaging.so
(10:34:06) plugins: probing /usr/lib/pidgin/themeedit.so
(10:34:06) plugins: probing /usr/lib/pidgin/notify.so
(10:34:06) plugins: probing /usr/lib/pidgin/sendbutton.so
(10:34:06) plugins: probing /usr/lib/pidgin/cap.so
(10:34:06) plugins: probing /usr/lib/pidgin/timestamp.so
(10:34:06) plugins: probing /usr/lib/pidgin/convcolors.so
(10:34:06) plugins: probing /usr/lib/pidgin/pidginrc.so
(10:34:06) plugins: probing /usr/lib/pidgin/ticker.so
(10:34:06) plugins: probing /usr/lib/pidgin/vvconfig.so
(10:34:06) plugins: probing /usr/lib/pidgin/gtkbuddynote.so
(10:34:06) plugins: probing /usr/lib/pidgin/xmppconsole.so
(10:34:06) plugins: probing /usr/lib/pidgin/markerline.so
(10:34:06) plugins: probing /usr/lib/purple-2/libbonjour.so
(10:34:06) plugins: probing /usr/lib/purple-2/libicq.so
(10:34:06) plugins: probing /usr/lib/purple-2/libmxit.so
(10:34:06) prpl-loubserp-mxit: Loading MXit libPurple plugin...
(10:34:06) plugins: probing /usr/lib/purple-2/dbus-example.so
(10:34:06) plugins: probing /usr/lib/purple-2/libyahoojp.so
(10:34:06) plugins: probing /usr/lib/purple-2/libmsn.so
(10:34:06) plugins: probing /usr/lib/purple-2/libsametime.so
(10:34:06) plugins: /usr/lib/purple-2/libsametime.so has a prefs_info, but is a prpl. This is no longer supported.
(10:34:06) plugins: probing /usr/lib/purple-2/ssl.so
(10:34:06) plugins: probing /usr/lib/purple-2/statenotify.so
(10:34:06) plugins: probing /usr/lib/purple-2/autoaccept.so
(10:34:06) plugins: probing /usr/lib/purple-2/buddynote.so
(10:34:06) plugins: probing /usr/lib/purple-2/libyahoo.so
(10:34:06) plugins: probing /usr/lib/purple-2/libirc.so
(10:34:06) plugins: probing /usr/lib/purple-2/psychic.so
(10:34:06) plugins: probing /usr/lib/purple-2/libxmpp.so
(10:34:06) plugins: probing /usr/lib/purple-2/libzephyr.so
(10:34:06) plugins: probing /usr/lib/purple-2/libgg.so
(10:34:06) plugins: probing /usr/lib/purple-2/libnovell.so
(10:34:06) plugins: probing /usr/lib/purple-2/perl.so
(10:34:06) plugins: probing /usr/lib/purple-2/pidgin-libnotify.so
(10:34:06) plugins: probing /usr/lib/purple-2/log_reader.so
(10:34:06) plugins: probing /usr/lib/purple-2/libjabber.so
(10:34:06) plugins: /usr/lib/purple-2/libjabber.so is not usable because the 'purple_init_plugin' symbol...

Hi all,

May be the following might help you out. this is how i resolved...

echo "export NSS_SSL_CBC_RANDOM_IV=0" >> /etc/profile # Export the Variable into Profile files
echo "export NSS_SSL_CBC_RANDOM_IV=0" >> /home/$USER/.bashrc # Export the Variable into Current Profile files

so everytime you reboot it will be a global variable for all your programs, and its a temporary fix for the time being...

Hope this might help you...


Iain Buclaw (ibuclaw) wrote :

This patch against libnss fixes the issue.


Has this managed to find it's way into Debian/Ubuntu?

era (era) wrote :

https://bugzilla.redhat.com/show_bug.cgi?id=770682 alleges that setting NSS_SSL_CBC_RANDOM_IV=0 globally is a security problem. As an alternative, what I did was this:

Create the following file in /tmp/pidgin

NSS_SSL_CBC_RANDOM_IV=0 exec /usr/bin/pidgin "$@"

Then run the following commands:

sudo cp /tmp/pidgin /usr/local/bin
sudo chmod a+x /usr/local/bin/pidgin

This is just a different way to implement the workaround so that the NSS_SSL_CBC_RANDOM_IV variable is only set for the Pidgin process instead of globally in your environment.

It should not hurt if /usr/local/bin/pidgin remains in use even once a proper fix is deployed, assuming you have a modicum of trust for your local environment (and if not, you should hardly be using SIPE for messaging in the first place).

Julian Alarcon (alarconj) wrote :

This is maybe the "best" workaround for Pidgin

Just edit the file "/usr/share/applications/pidgin.desktop"
Add to the line "Exec=" the text "env NSS_SSL_CBC_RANDOM_IV=0"

This is my desktop file on 12.10:

[Desktop Entry]
Name=Pidgin Internet Messenger
GenericName=Internet Messenger
Comment=Chat over IM. Supports AIM, Google Talk, Jabber/XMPP, MSN, Yahoo and more
Exec=env NSS_SSL_CBC_RANDOM_IV=0 pidgin

Changed in pidgin-sipe (Debian):
status: Unknown → Fix Released
L0RE (andreas-vogler) wrote :

I have the same error under Windows? Does someone know a windows fix?

Julian Alarcon (alarconj)'s workaround worked for me.

Tomas 'tt' Krag (tt) wrote :

This bug is still an issue in 13.04, and the work-around seems to work there as well.

Kevin C. (kedoc) wrote :

I can confirm the bug is still here, and the workround still usefull in 13.04.

Tommy Nevtelen (dal) wrote :

Confirming that this is still an issue in 13.10.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.