[Pidgin] #15515: Working towards a better SSL implementation.

Pidgin trac at pidgin.im
Wed Feb 13 10:46:24 EST 2013

#15515: Working towards a better SSL implementation.
 Reporter:  DrWhax       |      Owner:
     Type:  enhancement  |     Status:  new
Milestone:  3.0.0        |  Component:  libpurple
  Version:               |   Keywords:  nss gnutls ssl
 The current SSL implementation of Pidgin is not.. the best out there (see
 #15308 for example), I would like to propose a several stages roadmap
 where, hopefully in the end Pidgin will have a pluggable SSL transport
 with NSS & GnuTLS

 The first stage would be to remove the current SSL implementation and
 replace it entirely with GnuTLS, which would also do the cert validation
 and use the certificates which GnuTLS ships.

 The second stage would be to add NSS implementation, which will provide
 the same functionality.

 Maintainers for Linux distro's could decide which one to enable for
 specific distro's for example.

 I don't plan to add any OpenSSL functionality due to licensing trouble and
 it's not worth the trouble if we already have NSS/GnuTLS support. But if
 anyone creates a patch we could discuss it from there?

 I think it would be great if we force only high ciphers, if possible force
 'perfect forward secrecy' capable one's first. I would also like to
 disable the insecure SSLv2 one's for example.

 Another important option we need to discuss is how we are going to accept
 self-signed certificates, if we are going to remember the certificate, for
 how long will that be? The current session? See #15344 for example.

 I might have forgot something, if you can think of something, don't
 hesitate to bring it up!

 I guess this ticket should be used for discussion mostly for how to
 implement this? And create subtickets for the actual work being done, e.g,
 patches for example.

 I'm more then willing to help out and write code for it.

 Related tickets are; #1524 #14668 #15506 #15505 #15479 #15308

 Let's move forward and make Pidgin a safer client!

Ticket URL: <https://developer.pidgin.im/ticket/15515>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list