After upgrading from nss 3.56 to 3.58, purple-discord can no longer connect to Discord due to a nss: Handshake failed (-12251) error. According to the Mozilla nss docs this means that "SSL received a malformed Change Cipher Spec record." It seems other folks have the same problem but with XMPP, but my XMPP accounts don't have the same problem.
I was able to work around this in two different ways:
- I used the Pidgin NSS Preferences plugin to disable TLS version 1.3 and this fixed the issue.
- I recompiled NSS 3.58 with a revert for the fix for CVE-2020-25648 and that also fixed the issue.
I wasn't sure where to go from here, and Julien Cristau suggested I file a bug here, adding Daiki Ueno to the moreinfo field.
In Wireshark, I see a "TLSv1.3 Client Hello" packet, then a "TLSv1.3 Server Hello, Change Cipher Spec" packet, then from server to client a "TLSv1.3 Application Data" packet, then from client to server a "TLSv1.3 Application Data" packet and finally the TCP connection is torn down. The two TLS Hello packets from Wireshark are attached.
PS: I'm using NSS 2:3.58-1 on Debian GNU/Linux 11 (bullseye).
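For triaging a capture like the one described above, the following added example (not part of the original report and not NSS code) walks the TLS record layer of one direction's reassembled TCP payload and checks each Change Cipher Spec record against RFC 8446, which permits only the single byte 0x01 in TLS 1.3 compatibility mode. The function names and the sample byte strings are constructed for illustration; they are not the attached packets.

```python
import struct

# Record-layer content types (RFC 8446, section 5.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def record(ctype, body, version=0x0303):
    """Build one TLS record (used only for the constructed samples below)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def parse_records(stream):
    """Split one direction's reassembled TCP payload into (type, version, body)."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {off}")
        records.append((CONTENT_TYPES.get(ctype, f"unknown({ctype})"), version, body))
        off += 5 + length
    return records

def ccs_findings(records):
    """Return (index, message) for every CCS record whose body is not 0x01."""
    return [(i, "malformed CCS body " + body.hex())
            for i, (name, _version, body) in enumerate(records)
            if name == "change_cipher_spec" and body != b"\x01"]

# Constructed samples: the handshake and application_data bodies are filler
# bytes, not a real ServerHello or real ciphertext.
GOOD_FLIGHT = record(22, b"\x02" + bytes(7)) + record(20, b"\x01") + record(23, bytes(32))
BAD_FLIGHT = record(22, b"\x02" + bytes(7)) + record(20, b"\x01\x00") + record(23, bytes(32))

if __name__ == "__main__":
    for label, flight in (("good", GOOD_FLIGHT), ("bad", BAD_FLIGHT)):
        recs = parse_records(flight)
        print(label, [name for name, _v, _b in recs], ccs_findings(recs))
```

On a real capture, the input would be the raw bytes of the server-to-client direction, for example as exported from Wireshark's "Follow TCP Stream" view.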