/pidgin/main: 76a2a6d75768: Specify a different set of encryptio...

Mark Doliner mark at kingant.net
Thu Sep 11 18:43:57 EDT 2014


Changeset: 76a2a6d7576824745b4def87545eec7530397152
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2014-09-11 15:41 -0700
Branch:	 default
URL: https://hg.pidgin.im/pidgin/main/rev/76a2a6d75768

Description:

Specify a different set of encryption ciphers for TLS connections when
using GnuTLS.

Thanks to elrond and belmyst on Trac.

Refs #8061

diffstat:

 ChangeLog                          |  15 +++++--
 libpurple/plugins/ssl/ssl-gnutls.c |  64 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 72 insertions(+), 7 deletions(-)

diffs (113 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
 version 3.0.0 (??/??/????):
+	General:
+	* Various core components of libpurple are now GObjects (Ankit Vani).
+	* Ciphers are now built from the libpurple directory.
+	* Doxygen has been replaced by gtk-doc for generating documentation (Ankit
+	  Vani).
+
+	libpurple:
+	* Specify a different set of encryption ciphers for TLS connections when
+	  using GnuTLS. (elrond, belmyst, and Mark Doliner) (#8061)
+
 	Pidgin:
 	* Support building with the GTK+ 3.x toolkit.  When configuring the
 	  build, use --with-gtk=<2|3> to determine which toolkit to use.  Using
@@ -63,11 +73,6 @@ version 3.0.0 (??/??/????):
 	* The Offline Message Emulation plugin now adds a note that the message
 	  was an offline message. (Flavius Anton) (#2497)
 
-	General:
-	* Various core components of libpurple are now GObjects.
-	* Ciphers are now built from the libpurple directory.
-	* Doxygen has been replaced by gtk-doc for generating documentation.
-
 version 2.10.10 (?/?/?):
 	libpurple3 compatibility:
 	* Encrypted account passwords are preserved until the new one is set.
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -44,7 +44,65 @@ typedef struct
 static gnutls_certificate_client_credentials xcred = NULL;
 
 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
-/* Priority strings.  The default one is, well, the default (and is always
+
+/**
+ * This string tells GnuTLS the list of ciphers we're ok with using. The goal
+ * is to disable weaker ciphers while remaining compatible with almost all
+ * servers.
+ *
+ * You can test the priority string using this command:
+ * > gnutls-cli --priority "<SIGNATURE STRING>" <HOSTNAME>
+ * Note that on Ubuntu 14.04 gnutls-cli is linked against the older GnuTLS
+ * 2.12.23, which might be different than what Pidgin is linked against.
+ *
+ * Rationale for this string:
+ * - Start with the SECURE192 keyword and add the SECURE128 keyword. This
+ *   includes both 128 and 192 bit ciphers, giving priority to the 192 bit
+ *   ciphers. We're not too picky about the order... people generally think
+ *   128 bit ciphers are sufficient for now and 192 bit ciphers are overkill
+ *   (and slower), but the speed impact shouldn't matter much for us and we
+ *   prefer to be resilient into the distant future.
+ *
+ * - Remove and re-add RSA ciphers. This gives them a lower priority. We do
+ *   this because they don't support perfect forward secrecy (PFS) and we want
+ *   ciphers that DO support PFS to have a higher priority. An alternate way
+ *   to do this is to add +PFS to the front of the string, but the PFS keyword
+ *   was only added in 3.2.4 and attempting to use it with older GnuTLS causes
+ *   the entire priority string to be discarded.
+ *
+ * - Add SIGN-RSA-SHA1. SHA-1 is a weaker hashing algorithm that's not
+ *   included in SECURE128. We'd prefer not to include it, but unfortunately
+ *   as of 2014-09-10 it is required by login.live.com (used by the MSN PRPL).
+ *
+ * - Remove DHE-DSS ciphers. This is kind of arbitrary. We think maybe nobody
+ *   uses these and all things being equal a shorter cipher list is preferred.
+ *
+ * - Disable SSL 3.0. Everyone should be using at least TLS 1.0 by now.
+ *
+ * We only use this string for GnuTLS 3.2.2 and newer. For older versions we
+ * use NORMAL. Over time the GnuTLS library has changed how it parses priority
+ * strings and there are some unfortunate quirks:
+ * - 128 bit ciphers stopped being included in the SECURE256 keyword in 3.0.9.
+ * - 256 bit ciphers started being included in the SECURE128 keyword in 3.0.12.
+ * - Support for combining priority string keywords wasn't added until 3.1.0.
+ * - Adding/removing items from the priority string using plus and minus is
+ *   buggy in GnuTLS 3.2.2 and older. See this commit for details:
+ *   https://gitorious.org/gnutls/gnutls/commit/913f03ccfafc37277f0a88287d02cdbb9bbfb652
+ *
+ * These quirks make it difficult to find a single priority string that works
+ * well for all versions of GnuTLS that enables 128 and 256 bit ciphers while
+ * disabling less secure ciphers. In fact it's difficult to come up with ANY
+ * string that accomplishes this for 3.0.9, 3.0.10, and 3.0.11. And the bug
+ * with adding/removing items from the priority string means we might get
+ * unexpected results when using a complicated string, and so we're better off
+ * just sticking with the default.
+ *
+ * For more discussion about this change see bug #8061.
+ */
+#define GNUTLS_DEFAULT_PRIORITY "SECURE192:+SECURE128:-RSA:+RSA:+SIGN-RSA-SHA1:-DHE-DSS:-VERS-SSL3.0"
+
+/*
+ * Priority strings.  The default one is, well, the default (and is always
  * set).  The hash table is of the form hostname => priority (both
  * char *).
  *
@@ -193,7 +251,9 @@ ssl_gnutls_init_gnutls(void)
 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
 	/* Set a default priority string if we didn't do it above */
 	if (!default_priority) {
-		set_cipher_priorities(&default_priority, "NORMAL:%SSL3_RECORD_VERSION");
+		if (gnutls_check_version("3.2.2")) {
+			set_cipher_priorities(&default_priority, GNUTLS_DEFAULT_PRIORITY);
+		}
 		if (!default_priority) {
 			/* Try again with an extremely simple priority string. */
 			set_cipher_priorities(&default_priority, "NORMAL");



More information about the Commits mailing list