is Pidgin vulnerable to the POODLE SSLv3 vulnerability?

Daniel Atallah datallah at
Fri Oct 17 13:05:33 EDT 2014

On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <LoisTJanes at> wrote:

> Is Pidgin vulnerable to the POODLE SSLv3 vulnerability?

> I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm
> specifically interested in whether Pidgin is suseptible to a TLS/SSL
> downgrade attack?
> Does Pidgin retry failed connections with lower SSL/TLS protocol versions?
> Does Pidgin support TLS_FALLBACK_SCSV?

The answer to all these questions depends on which SSL/TLS (gnutls or NSS)
library you're using with pidgin and the configuration of that library
(which will depend on your OS).

Pidgin/libpurple itself has no direct interaction with the SSL/TLS
handshake process.


> Lois
> _______________________________________________
> Support at mailing list
> Want to unsubscribe?  Use this link:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Support mailing list