is Pidgin vulnerable to the POODLE SSLv3 vulnerability?

Daniel Atallah datallah at pidgin.im
Fri Oct 17 13:05:33 EDT 2014


On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <LoisTJanes at mail.com> wrote:

> Is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
>

> I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm
> specifically interested in whether Pidgin is suseptible to a TLS/SSL
> downgrade attack?
>
> Does Pidgin retry failed connections with lower SSL/TLS protocol versions?
>
> Does Pidgin support TLS_FALLBACK_SCSV?
>


The answer to all these questions depends on which SSL/TLS (gnutls or NSS)
library you're using with pidgin and the configuration of that library
(which will depend on your OS).

Pidgin/libpurple itself has no direct interaction with the SSL/TLS
handshake process.

-D



> Lois
>
> _______________________________________________
> Support at pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> https://pidgin.im/cgi-bin/mailman/listinfo/support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/support/attachments/20141017/e3552769/attachment.html>


More information about the Support mailing list