/pidgin/main: 2fe784e7e985: Add note that it would be better if ...
Mark Doliner
mark at kingant.net
Thu Sep 11 18:43:57 EDT 2014
Changeset: 2fe784e7e9856ce81d1705dbb4b73e102cec6f5a
Author: Mark Doliner <mark at kingant.net>
Date: 2014-09-11 15:43 -0700
Branch: default
URL: https://hg.pidgin.im/pidgin/main/rev/2fe784e7e985
Description:
Add note that it would be better if we didn't specify the ciphers ourselves.
diffstat:
libpurple/plugins/ssl/ssl-gnutls.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -50,6 +50,10 @@ static gnutls_certificate_client_credent
* is to disable weaker ciphers while remaining compatible with almost all
* servers.
*
+ * Ideally this is something we wouldn't do. Ideally the system-wide GnuTLS
+ * library would use good defaults. But for now I think we can safely be more
+ * restrictive than the GnuTLS defaults. --Mark Doliner
+ *
* You can test the priority string using this command:
* > gnutls-cli --priority "<SIGNATURE STRING>" <HOSTNAME>
* Note that on Ubuntu 14.04 gnutls-cli is linked against the older GnuTLS
More information about the Commits
mailing list