[Pidgin] #15744: weak TLS ciphers used for connection - Windows
Pidgin
trac at pidgin.im
Thu Sep 5 08:07:47 EDT 2013
#15744: weak TLS ciphers used for connection - Windows
---------------------------+--------------------
Reporter: fedor.brunner | Owner: deryni
Type: defect | Status: new
Milestone: 2.10.8 | Component: XMPP
Version: 2.10.7 | Keywords:
---------------------------+--------------------
The Windows build of Pidgin 2.10.7
(http://www.pidgin.im/download/windows/) is using the NSS library, this
library supports only the old TLS v1. Please change the build so that it
uses newer protocols from GnuTLS ( TLS v1.1 and 1.2)
When connecting with TLS v1 to Google XMPP server, the weaker RC4 is used,
when connecting with TLS v1.2 strong AES is used.
http://crypto.stackexchange.com/questions/853/google-is-using-rc4-but-
isnt-rc4-considered-unsafe
https://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
https://en.wikipedia.org/wiki/Transport_Layer_Security#CRIME_and_BREACH_attacks
--
Ticket URL: <https://developer.pidgin.im/ticket/15744>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list