[Pidgin] #8061: Let the user select trusted ciphers for TLS

Pidgin trac at pidgin.im
Sun Aug 17 04:54:00 EDT 2014 

#8061: Let the user select trusted ciphers for TLS
------------------------------------+--------------------------
 Reporter:  ben                     |       Owner:  MarkDoliner
     Type:  enhancement             |      Status:  new
Milestone:  Patches Needing Review  |   Component:  libpurple
  Version:  2.5.3                   |  Resolution:
 Keywords:  ssl, tls                |
------------------------------------+--------------------------

Comment (by MarkDoliner):

 Still looking at just the patch for gnutls so far. The patch changes the
 priority string from this:
 {{{
 NORMAL:%SSL3_RECORD_VERSION
 }}}
 To this:
 {{{
 SECURE128:-RSA:+RSA:!DHE-DSS:%SSL3_RECORD_VERSION
 }}}

 There are three changes:
 1. Switching the initial set of ciphers from NORMAL to SECURE128.
 1. Deprioritizing RSA ciphers.
 1. Removing all DHE-DSS ciphers.

 Regarding the first change, in my last comment I said:
 > I'm curious why you chose SECURE128 for gnutls? It seems like that
 excludes 256 bit ciphers.
 From my testing that appears to be true in GnuTLS 2.12.23 (possibly a
 bug?), but it's ''not'' true in GnuTLS 3.2.11. The behavior in 3.2.11
 matches [http://gnutls.org/manual/html_node/Priority-
 Strings.html#tab_003aprio_002dkeywords the documentation], which says that
 SECURE128 includes 128 and higher.

 And in GnuTLS 3.2.11, using SECURE128 instead of NORMAL does disable a few
 ciphers:
 - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 - TLS_ECDHE_RSA_WITH_RC4_128_SHA
 - TLS_RSA_WITH_3DES_EDE_CBC_SHA
 - TLS_RSA_WITH_RC4_128_SHA
 - TLS_RSA_WITH_RC4_128_MD5
 - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 - TLS_DHE_DSS_WITH_RC4_128_SHA
 So that's cool. It also tweaks the order slightly (nothing too important--
 just sorts some 128 bit ciphers ahead of 258 bit ciphers). So switching
 from NORMAL to SECURE128 seems fine to me.

 Regarding the second and third change (deprioritizing RSA and removing all
 DHE-DSS), what's the reason for these?

 I don't see a strong need to change the gnutls ciphers in our 2.x.y
 branch. The only cipher which https://www.howsmyssl.com/ complains about
 is TLS_DHE_DSS_WITH_RC4_128_SHA, and I think this is actually a bug in
 https://www.howsmyssl.com/ (see https://savannah.gnu.org/support/?108577
 and https://github.com/jmhodges/howsmyssl/issues/35 and
 https://github.com/jmhodges/howsmyssl/commit/fe3db64430d4792e0d3be0f60a385dbb6cd6cf1b).
 Using SECURE128 in master (which will eventually be released as 3.0.0)
 isn't a bad idea. Though I'm a bit wary in general for us to be specifying
 which ciphers we want. I'd prefer for this to happen at a deeper level
 (either gnutls decides for us, or the OS decides). That seems like a
 better way for Pidgin to seamlessly adapt to changing ciphers without us
 needing to be encryption experts.


 Another note about the patch: It changes the final fallback priority
 string to match the default priority string. It doesn't make sense to try
 to set the same string twice--if it failed the first time it's going to
 fail the second time. Anyway, that's minor and not really important.

--
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:8>
Pidgin <https://pidgin.im>
Pidgin

More information about the Tracker mailing list