[Pidgin] #15515: Working towards a better SSL implementation.
Pidgin
trac at pidgin.im
Wed Feb 13 10:46:24 EST 2013
#15515: Working towards a better SSL implementation.
-------------------------+----------------------------
Reporter: DrWhax | Owner:
Type: enhancement | Status: new
Milestone: 3.0.0 | Component: libpurple
Version: | Keywords: nss gnutls ssl
-------------------------+----------------------------
The current SSL implementation of Pidgin is not... the best out there (see
#15308 for example). I would like to propose a several-stage roadmap
where, hopefully, in the end Pidgin will have a pluggable SSL transport
with NSS & GnuTLS.

The first stage would be to remove the current SSL implementation and
replace it entirely with GnuTLS, which would also do the cert validation
and use the certificates which GnuTLS ships.

The second stage would be to add an NSS implementation, which will provide
the same functionality.

Maintainers for Linux distros could decide which one to enable for
specific distros, for example.

I don't plan to add any OpenSSL functionality due to licensing trouble and
it's not worth the trouble if we already have NSS/GnuTLS support. But if
anyone creates a patch we could discuss it from there?

I think it would be great if we force only high ciphers, if possible force
'perfect forward secrecy' capable ones first. I would also like to
disable the insecure SSLv2 ones, for example.

Another important option we need to discuss is how we are going to accept
self-signed certificates. If we are going to remember the certificate, for
how long will that be? The current session? See #15344 for example.

I might have forgotten something; if you can think of something, don't
hesitate to bring it up!

I guess this ticket should be used for discussion mostly for how to
implement this? And create subtickets for the actual work being done, e.g.,
patches for example.

I'm more than willing to help out and write code for it.

Related tickets are: #1524 #14668 #15506 #15505 #15479 #15308

Let's move forward and make Pidgin a safer client!
--
Ticket URL: <https://developer.pidgin.im/ticket/15515>
Pidgin <http://pidgin.im>
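
The cipher preference proposed in the ticket (strong suites only, forward-secret ones first), as an added example that is not part of the original message and is not Pidgin, GnuTLS or NSS code. The function `select_suites`, the offered list and the markers treated as weak are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: IANA suite names a TLS backend might offer. */
static const char *const OFFERED[] = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
};
#define N_OFFERED (sizeof OFFERED / sizeof OFFERED[0])

/* Ephemeral (EC)DH key exchange is what provides forward secrecy. */
static int is_pfs(const char *s)
{
    return strncmp(s, "TLS_ECDHE_", 10) == 0 || strncmp(s, "TLS_DHE_", 8) == 0;
}

/* Assumed policy for "high ciphers only": reject suites with no encryption,
 * export-grade keys, anonymous key exchange, RC4, DES/3DES or an MD5 MAC. */
static int is_weak(const char *s)
{
    static const char *const bad[] = {
        "_NULL_", "_EXPORT_", "_anon_", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++)
        if (strstr(s, bad[i]) != NULL)
            return 1;
    return 0;
}

/* Writes the accepted suites to out (room for n entries): forward-secret
 * suites first, then the rest, each group in offered order. Returns count. */
size_t select_suites(const char *const *in, size_t n, const char **out)
{
    size_t k = 0;
    for (int pass = 1; pass >= 0; pass--)   /* pass 1: PFS, pass 0: non-PFS */
        for (size_t i = 0; i < n; i++)
            if (!is_weak(in[i]) && is_pfs(in[i]) == pass)
                out[k++] = in[i];
    return k;
}

int main(void)
{
    const char *out[N_OFFERED];
    size_t k = select_suites(OFFERED, N_OFFERED, out);
    for (size_t i = 0; i < k; i++)
        printf("%zu. %s%s\n", i + 1, out[i], is_pfs(out[i]) ? "  [PFS]" : "");
    return 0;
}
```

Protocol versions such as SSLv2 are switched off through the TLS library's own version settings, which this name-based filter does not cover.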