/pidgin/main: 76a2a6d75768: Specify a different set of encryptio...
Mark Doliner
mark at kingant.net
Thu Sep 11 18:43:57 EDT 2014
Changeset: 76a2a6d7576824745b4def87545eec7530397152
Author: Mark Doliner <mark at kingant.net>
Date: 2014-09-11 15:41 -0700
Branch: default
URL: https://hg.pidgin.im/pidgin/main/rev/76a2a6d75768
Description:
Specify a different set of encryption ciphers for TLS connections when
using GnuTLS.
Thanks to elrond and belmyst on Trac.
Refs #8061
diffstat:
ChangeLog | 15 +++++--
libpurple/plugins/ssl/ssl-gnutls.c | 64 ++++++++++++++++++++++++++++++++++++-
2 files changed, 72 insertions(+), 7 deletions(-)
diffs (113 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
version 3.0.0 (??/??/????):
+ General:
+ * Various core components of libpurple are now GObjects (Ankit Vani).
+ * Ciphers are now built from the libpurple directory.
+ * Doxygen has been replaced by gtk-doc for generating documentation (Ankit
+ Vani).
+
+ libpurple:
+ * Specify a different set of encryption ciphers for TLS connections when
+ using GnuTLS. (elrond, belmyst, and Mark Doliner) (#8061)
+
Pidgin:
* Support building with the GTK+ 3.x toolkit. When configuring the
build, use --with-gtk=<2|3> to determine which toolkit to use. Using
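Review bot: the new libpurple entry ("+ * Specify a different set of encryption ciphers for TLS connections when") leaves out the two effects a user would notice: the new priority string is only used when running against GnuTLS 3.2.2 or newer (older builds keep NORMAL, per the ssl-gnutls.c hunk below), and it disables SSL 3.0. Suggest wording it as "Use a stronger default set of TLS ciphers when using GnuTLS 3.2.2 or newer, and disable SSL 3.0 in that case" so the ChangeLog records the version dependency and the protocol change rather than just "a different set".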
@@ -63,11 +73,6 @@ version 3.0.0 (??/??/????):
* The Offline Message Emulation plugin now adds a note that the message
was an offline message. (Flavius Anton) (#2497)
- General:
- * Various core components of libpurple are now GObjects.
- * Ciphers are now built from the libpurple directory.
- * Doxygen has been replaced by gtk-doc for generating documentation.
-
version 2.10.10 (?/?/?):
libpurple3 compatibility:
* Encrypted account passwords are preserved until the new one is set.
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -44,7 +44,65 @@ typedef struct
static gnutls_certificate_client_credentials xcred = NULL;
#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
-/* Priority strings. The default one is, well, the default (and is always
+
+/**
+ * This string tells GnuTLS the list of ciphers we're ok with using. The goal
+ * is to disable weaker ciphers while remaining compatible with almost all
+ * servers.
+ *
+ * You can test the priority string using this command:
+ * > gnutls-cli --priority "<SIGNATURE STRING>" <HOSTNAME>
+ * Note that on Ubuntu 14.04 gnutls-cli is linked against the older GnuTLS
+ * 2.12.23, which might be different than what Pidgin is linked against.
+ *
+ * Rationale for this string:
+ * - Start with the SECURE192 keyword and add the SECURE128 keyword. This
+ * includes both 128 and 192 bit ciphers, giving priority to the 192 bit
+ * ciphers. We're not too picky about the order... people generally think
+ * 128 bit ciphers are sufficient for now and 192 bit ciphers are overkill
+ * (and slower), but the speed impact shouldn't matter much for us and we
+ * prefer to be resilient into the distant future.
+ *
+ * - Remove and re-add RSA ciphers. This gives them a lower priority. We do
+ * this because they don't support perfect forward secrecy (PFS) and we want
+ * ciphers that DO support PFS to have a higher priority. An alternate way
+ * to do this is to add +PFS to the front of the string, but the PFS keyword
+ * was only added in 3.2.4 and attempting to use it with older GnuTLS causes
+ * the entire priority string to be discarded.
+ *
+ * - Add SIGN-RSA-SHA1. SHA-1 is a weaker hashing algorithm that's not
+ * included in SECURE128. We'd prefer not to include it, but unfortunately
+ * as of 2014-09-10 it is required by login.live.com (used by the MSN PRPL).
+ *
+ * - Remove DHE-DSS ciphers. This is kind of arbitrary. We think maybe nobody
+ * uses these and all things being equal a shorter cipher list is preferred.
+ *
+ * - Disable SSL 3.0. Everyone should be using at least TLS 1.0 by now.
+ *
+ * We only use this string for GnuTLS 3.2.2 and newer. For older versions we
+ * use NORMAL. Over time the GnuTLS library has changed how it parses priority
+ * strings and there are some unfortunate quirks:
+ * - 128 bit ciphers stopped being included in the SECURE256 keyword in 3.0.9.
+ * - 256 bit ciphers started being included in the SECURE128 keyword in 3.0.12.
+ * - Support for combining priority string keywords wasn't added until 3.1.0.
+ * - Adding/removing items from the priority string using plus and minus is
+ * buggy in GnuTLS 3.2.2 and older. See this commit for details:
+ * https://gitorious.org/gnutls/gnutls/commit/913f03ccfafc37277f0a88287d02cdbb9bbfb652
+ *
+ * These quirks make it difficult to find a single priority string that works
+ * well for all versions of GnuTLS that enables 128 and 256 bit ciphers while
+ * disabling less secure ciphers. In fact it's difficult to come up with ANY
+ * string that accomplishes this for 3.0.9, 3.0.10, and 3.0.11. And the bug
+ * with adding/removing items from the priority string means we might get
+ * unexpected results when using a complicated string, and so we're better off
+ * just sticking with the default.
+ *
+ * For more discussion about this change see bug #8061.
+ */
+#define GNUTLS_DEFAULT_PRIORITY "SECURE192:+SECURE128:-RSA:+RSA:+SIGN-RSA-SHA1:-DHE-DSS:-VERS-SSL3.0"
+
+/*
+ * Priority strings. The default one is, well, the default (and is always
* set). The hash table is of the form hostname => priority (both
* char *).
*
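Review bot: the new comment contradicts itself on the version boundary: "We only use this string for GnuTLS 3.2.2 and newer" versus, a few lines later, "Adding/removing items from the priority string using plus and minus is buggy in GnuTLS 3.2.2 and older". Since GNUTLS_DEFAULT_PRIORITY relies entirely on -RSA:+RSA:+SIGN-RSA-SHA1:-DHE-DSS:-VERS-SSL3.0, one of the two sentences is wrong; either the cutoff is 3.2.3 or the bug description should say "3.2.1 and older", and the comment should match whichever check ssl_gnutls_init_gnutls() actually performs. Two smaller points in the same block: the rationale is written in terms of SECURE192 while the quirk list talks about SECURE256 ("128 bit ciphers stopped being included in the SECURE256 keyword in 3.0.9"), so say whether the two keywords are treated as the same thing in the targeted versions or use one name throughout; and the test command placeholder "<SIGNATURE STRING>" should read "<PRIORITY STRING>".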
@@ -193,7 +251,9 @@ ssl_gnutls_init_gnutls(void)
#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
/* Set a default priority string if we didn't do it above */
if (!default_priority) {
- set_cipher_priorities(&default_priority, "NORMAL:%SSL3_RECORD_VERSION");
+ if (gnutls_check_version("3.2.2")) {
+ set_cipher_priorities(&default_priority, GNUTLS_DEFAULT_PRIORITY);
+ }
if (!default_priority) {
/* Try again with an extremely simple priority string. */
set_cipher_priorities(&default_priority, "NORMAL");
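Review bot: the removed default "NORMAL:%SSL3_RECORD_VERSION" is replaced without the %SSL3_RECORD_VERSION workaround in either branch: when gnutls_check_version("3.2.2") returns NULL nothing is set and the code falls through to plain "NORMAL", and neither the commit message nor the new comment says the record-version compatibility flag was meant to go. If dropping it is intentional, state that in the message; otherwise add an else branch that keeps the old string for pre-3.2.2 GnuTLS. Separately, gnutls_check_version("3.2.2") succeeds for 3.2.2 itself, which the comment above describes as buggy for the +/- priority syntax; use "3.2.3" here or fix the comment so the check and its rationale agree.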