Nokia servers dePOODLEd, Nokia Suite breaks, workaround below

Published by at

Multiple reports have been coming in about Nokia Suite having been broken by the disabling of SSL 3 support on Nokia and Microsoft's servers to avoid possible POODLE exploits. This appears to have been a problem for the last two weeks and there's no sign of Microsoft fixing the issue, so I've quoted the appropriate workaround below, as suggested by power users on Nokia Discussions.

Nokia Suite sign-in problem

Here's the quoted write-up and workaround (there are actually two, but the first is just to use other tools, so....):

Nokia Suite connects to the server account.nokia.com and auth.gfx.ms. For these servers, SSL 3 was disabled on October 15th 2014. As of today, these servers require TLS 1.0. Nokia Suite does not use TLS 1.0 but only SSL 3, because Nokia Suite uses the QT framework 4.7.4. Up to that version, the QtNetwork class QSslSocket used SSL 3 and not TLS 1.0 as default protocol. You can test yourself via a terminal command and OpenSSL:

openssl s_client -connect account.nokia.com:443 -ssl3

which simulates the behaviour of the Nokia Suite. Therefore, the initial request of the Nokia Suite is rejected with a SSL/TLS handshake-failure. Because of that, Nokia Suite gives this wrong error message. Hopefully, Nokia enables SSL 3 again

Workaround – replace two DLL files (2nd Edit: added step about exit)

  1. exit the Nokia Suite via right-click in (bottom, left) Windows Notification Area (system tray)
  2. download this modified version of libeay32.dll …
  3. download this modified version of ssleay32.dll …
  4. replace these two files at C:\Program Files (x86)\Nokia\Nokia Suite\

Of course, the ideal solution is for Microsoft to re-enable SSL3 on the servers, even unpatched - POODLE isn't a big deal for 99.999% of users and relies on man in the middle attacks, something which is fairly unlikely with Nokia Suite.

I'll update this post if the servers/protocols do get fixed.

Source / Credit: Nokia Discussions