pidgin: 47522394: Enable a number of default-disabled stro...

elb at pidgin.im elb at pidgin.im
Tue Sep 23 13:40:31 EDT 2008


-----------------------------------------------------------------
Revision: 475223945bc39fa8d35f30060dd5cfda787d82d5
Ancestor: d7476bfe7f9003553f7b3ea48491f4cebd192098
Author: elb at pidgin.im
Date: 2008-09-23T17:36:13
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/475223945bc39fa8d35f30060dd5cfda787d82d5

Modified files:
        COPYRIGHT ChangeLog libpurple/plugins/ssl/ssl-nss.c

ChangeLog: 

Enable a number of default-disabled strong ciphers for NSS.

For some reason the NSS default US Domestic policy does not enable a
number of strong ciphers which are entirely reasonable, and in fact
may be preferred.  (E.g. those using SHA over MD5.)

This patch enables all available AES, 3DES, and RC4 ciphers which are
not enabled by default.

Thanks to Marcus Trautwig for this.

Fixes #1435

-------------- next part --------------
============================================================
--- COPYRIGHT	72c5af1656198314390a81ad0a27acd2d9dab269
+++ COPYRIGHT	9279b333f0ff944a8076e2e417572d7c83730618
@@ -425,6 +425,7 @@ Ken Tossell
 Gal Topper
 Chris Toshok
 Ken Tossell
+Marcus Trautwig
 Tom Tromey
 Todd Troxell
 Brad Turcotte
============================================================
--- ChangeLog	3f6720a22e2d793f670da0b21a401c4d3c862a93
+++ ChangeLog	47d32b8b4430adbe2f83fdb1b6bd3473e5b2ca81
@@ -5,6 +5,8 @@ version 2.5.2 (??/??/????):
 	* Restored the "Has You" feature to the MSN protocol tooltips.
 	* Fixed a crash on removing a custom buddy icon on a buddy.
 	* Fixed a crash caused by certain self-signed SSL certificates.
+	* Enable a number of strong ciphers which were previously disabled
+	  when using NSS.  (Thanks to Marcus Trautwig.)
 
 	Pidgin:
 	* The status selector now saves your message when changing status.
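Review bot: The new entry added at the end of the 2.5.2 libpurple list is in the imperative ("Enable a number of strong ciphers...") while the neighbouring entries are past tense ("Restored", "Fixed"); suggest "Enabled a number of strong ciphers which were previously disabled when using NSS." for consistency. Naming the cipher families as the commit message does (AES, 3DES, RC4) would also tell users what changed in their TLS negotiation without having to read ssl-nss.c.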
============================================================
--- libpurple/plugins/ssl/ssl-nss.c	d6de7a59c8b1c42086fd8e7153865718fc3289e6
+++ libpurple/plugins/ssl/ssl-nss.c	d92a6fbada55afa6ca08d592ecb4c7b99858bc49
@@ -141,6 +141,19 @@ ssl_nss_init_nss(void)
 	g_free(lib);
 	NSS_SetDomesticPolicy();
 
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }
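Review bot: The last two added calls, `SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);` and `SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);`, turn on single-DES suites (56-bit key), which are neither strong nor covered by the commit message's "AES, 3DES, and RC4"; suggest dropping those two lines so the block matches its stated intent, since a server that prefers them could otherwise negotiate a weaker cipher than before this change. Two smaller points on the same block: every `SSL_CipherPrefSetDefault` return value is discarded, so a suite that the linked NSS build refuses to enable fails silently (checking for `SECSuccess` and logging through the plugin's debug facility would make that visible), and the block has no comment explaining why it follows `NSS_SetDomesticPolicy()` or which suites it is meant to cover; a short comment plus an array of suite constants iterated in a loop would be easier to audit than twelve repeated calls.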

