[Pidgin] #7367: "Old SSL" for XMPP doesn't work
Pidgin
trac at pidgin.im
Tue Aug 25 02:25:08 EDT 2009
#7367: "Old SSL" for XMPP doesn't work
--------------------+-------------------------------------------------------
Reporter: Lam | Owner: deryni
Type: defect | Status: new
Milestone: 2.6.2 | Component: XMPP
Version: 2.5.2 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by darkrain42):
Replying to [comment:6 deryni]:
> Hm... I was going to say this shouldn't require string changes as we
should just not attempt to negotiate starttls when we already have an
encrypted channel but that opens us up to man-in-the-middle attacks
doesn't it?
Hmm, I think I was suggesting the only string change needed is for the
situation where what we're handling (when the connection is already
encrypted) is
{{{
<stream:features>
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
<required/>
</starttls>
...
</stream:features>
}}}
What MITM attack are you concerned about (and wouldn't there be a
certificate mismatch warning in that case)?
--
Ticket URL: <http://developer.pidgin.im/ticket/7367#comment:8>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list