is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
Daniel Atallah
datallah at pidgin.im
Fri Oct 17 13:05:33 EDT 2014
On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <LoisTJanes at mail.com> wrote:
> Is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
>
> I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm
> specifically interested in whether Pidgin is suseptible to a TLS/SSL
> downgrade attack?
>
> Does Pidgin retry failed connections with lower SSL/TLS protocol versions?
>
> Does Pidgin support TLS_FALLBACK_SCSV?
>
The answer to all these questions depends on which SSL/TLS (gnutls or NSS)
library you're using with pidgin and the configuration of that library
(which will depend on your OS).
Pidgin/libpurple itself has no direct interaction with the SSL/TLS
handshake process.
-D
> Lois
>
> _______________________________________________
> Support at pidgin.im mailing list
> Want to unsubscribe? Use this link:
> https://pidgin.im/cgi-bin/mailman/listinfo/support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/support/attachments/20141017/e3552769/attachment.html>
More information about the Support
mailing list