Google Talk and iChat SSL Error - 9843

by Ernest E. Rothman

I've used Google Talk with iChat since the day Google Talk was announced, but since yesterday several attempts to connect to the Google Talk server with iChat failed with the error message, "An unexpected SSL error occured. [-9843]." I got the same result on three computers, with at least two different Google Talk accounts. Moreover, the Jabber-enabled clients Adium and Coccinella still work with Google Talk, and iChat still works with other Jabber servers (for example, jabber.org.uk).

It may be coincidental, but iChat stopped working with Google Talk on my Macs just after I installed the Quicktime 7.02, QuickTime SDK 7.0.2, and iTunes 5.0 updates as well as the iTunes Phone Driver 1.0. I don't know what, if anything, changed in Google's IM service.


Anyone else out there have this trouble with iChat and Google Talk?


14 Comments

rhussmann
2005-09-09 08:26:21
Updates
The only update that I've installed is iTunes 5.0. The other ones (Quicktime, Quicktime SDK, and the iTunes phone update) are still sitting in my software update bin. I'm also running the latest public Tiger build (10.4.2). However, I'm still getting the same error that you are.


Google has recognized the problem and are apparently working on it:
http://www.google.com/support/talk/bin/answer.py?answer=24076

Dompe
2005-09-09 08:35:06
Same here
I'm having the exact same problem, and I have the Quicktime and iTunes update.
mike3k
2005-09-09 14:23:45
Same here
It has nothing to do with iTunes 5.0 (which I installed about a day before this occurred) or QuickTime 7.0.2 (which I just installed today). I find that I can still login to google talk with Adium or Psi but not iChat.
fdaapproved
2005-09-09 21:56:27
Ayup
Yeah, I have the same problem... I'm pretty sure it happened BEFORE I installed the iTunes/Quicktime update though. There's a note on the support page now (it looks like I wasn't the only one who filed a bug).
discodonman
2005-09-11 07:14:39
3 strikes here too
Myself and two other friends were using Google Talk on iChat. Now, none of us can connect due to that SSL error. I can confirm that is is NOT related to iTunes or Quicktime updates.
AbstractMac
2005-09-11 22:12:59
Same issue, but circa PGP v9.02 install
Who else is using PGP v9.x? My SwissDisk and Jabber connections died shortly after installation.
chuckdude
2005-09-14 07:09:38
File a bug with Apple
Hey Ernie,


With stuff like this, you should file a bug with Apple. There's a high chance that they may not know about this problem, or that other people have complained of the same issue and may not think fixing the problem is a priority. The more people who file a bug on this, the better the chance is of Apple realizing their mistake and issuing a bug fix via Software Update.


To file a bug with Apple, just go to http://bugreport.apple.com. You'll need to have an ADC account to issue bug reports. If you're not an ADC member, you can sign up for a free online ADC membership by following the link off that page.


Don't forget to provide as much detail as you can when filing a bug, and be sure to include the output from System Profiler as well.


It's easy to complain about problems with the system, but if you don't report them to Apple, how will they know to fix them?


Chuck

knapjack
2005-09-17 20:16:35
Fails in Fire, too.
I occasionally use the Fire multinetwork client (think GAIM for OSX) and thought, heck, might as well give it a whirl, and it outright crashes when trying to connect to Google Talk (ouch).


Some packet sniffing with Ethereal and it seems like iChat never gets past the SSL negotiation. You see them offer up their SSL certificate (from Thawte) and then it's game over, no further response from iChat.


Maybe it's some change in the SSL certificate. I did some poking at the SSL support in Inferno a year or two ago, and I remember seeing that Windows handles CA referrals strange (I think there used to be a Mozilla bug that it tickled, too), so maybe Google adopted some variation that makes iChat barf.


I ran into an issue with WPA support on OSX, and a friend had read that Apple likes standards and a lot of the cheap wireless APs do not implement WPA-PSK well and it breaks on OSX because it's less forgiving. Maybe we have a similar situation where Google adopted an SSL variation that doesn't follow the RFCs (or is in the backwaters of the spec), but most other implementors are more forgiving (or are using OS-level SSL libraries that are more forgiving) and their clients just keep working.


Just supposition, though.

knapjack
2005-09-18 00:04:10
More clues
In case someone else is hunting down the problem.


I noticed when I did the packet capture that the SSL certificate being issued from Google is from Thawte, but the iChat config instructions on the Web site say to allow self-signed certificates.


Could Google have changed certificates without telling anyone, and iChat is balking at the change? Who knows.


More on iChat's SSL:


http://edr.euro.apple.com/documentation/Security/Reference/SecAppleTrustPolicyModuleSpec/Apple_Trust_Policy_Module_Functional_Specification.pdf

SKoshy
2005-09-18 21:23:18
Updates
I have the same problem too. happens even before the updates. The google link shown does not say that they are working on the problem.


SKoshy
2005-09-18 21:39:37
Bug report submitted to apple
I have submitted a bug report to apple through bug report. Hope it is rectified soon.
erothman
2005-09-19 06:05:11
File a bug with Apple
Good point.


In this case it looks Google is working on a fix. But I agree that Apple should be made aware of this, especially since it doesn't seem to affect other Jabber clients.


Thanks to everyone who provided feedback!


erothman
2005-09-19 16:14:51
Bug report submitted to apple
As of this afternoon Google Talk seems to one again work with iChat.
JtwotheJ
2006-04-13 22:24:07
Updates
make sure it says "talk.GOOGLE.com" not NOT NOT talk.gmail.com


fixed the problem for me.