[Pidgin] #8061: Let the user select trusted ciphers for TLS
Pidgin
trac at pidgin.im
Sun Aug 17 04:54:00 EDT 2014
#8061: Let the user select trusted ciphers for TLS
------------------------------------+--------------------------
Reporter: ben | Owner: MarkDoliner
Type: enhancement | Status: new
Milestone: Patches Needing Review | Component: libpurple
Version: 2.5.3 | Resolution:
Keywords: ssl, tls |
------------------------------------+--------------------------
Comment (by MarkDoliner):
Still looking at just the patch for gnutls so far. The patch changes the
priority string from this:
{{{
NORMAL:%SSL3_RECORD_VERSION
}}}
To this:
{{{
SECURE128:-RSA:+RSA:!DHE-DSS:%SSL3_RECORD_VERSION
}}}
There are three changes:
1. Switching the initial set of ciphers from NORMAL to SECURE128.
1. Deprioritizing RSA ciphers.
1. Removing all DHE-DSS ciphers.
Regarding the first change, in my last comment I said:
> I'm curious why you chose SECURE128 for gnutls? It seems like that
> excludes 256 bit ciphers.
From my testing that appears to be true in GnuTLS 2.12.23 (possibly a
bug?), but it's ''not'' true in GnuTLS 3.2.11. The behavior in 3.2.11
matches
[http://gnutls.org/manual/html_node/Priority-Strings.html#tab_003aprio_002dkeywords the documentation],
which says that SECURE128 includes 128 and higher.
And in GnuTLS 3.2.11, using SECURE128 instead of NORMAL does disable a few
ciphers:
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_RC4_128_MD5
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA
So that's cool. It also tweaks the order slightly (nothing too important--
just sorts some 128 bit ciphers ahead of 258 bit ciphers). So switching
from NORMAL to SECURE128 seems fine to me.
Regarding the second and third change (deprioritizing RSA and removing all
DHE-DSS), what's the reason for these?
I don't see a strong need to change the gnutls ciphers in our 2.x.y
branch. The only cipher which https://www.howsmyssl.com/ complains about
is TLS_DHE_DSS_WITH_RC4_128_SHA, and I think this is actually a bug in
https://www.howsmyssl.com/ (see https://savannah.gnu.org/support/?108577
and https://github.com/jmhodges/howsmyssl/issues/35 and
https://github.com/jmhodges/howsmyssl/commit/fe3db64430d4792e0d3be0f60a385dbb6cd6cf1b).
Using SECURE128 in master (which will eventually be released as 3.0.0)
isn't a bad idea. Though I'm a bit wary in general for us to be specifying
which ciphers we want. I'd prefer for this to happen at a deeper level
(either gnutls decides for us, or the OS decides). That seems like a
better way for Pidgin to seamlessly adapt to changing ciphers without us
needing to be encryption experts.
Another note about the patch: It changes the final fallback priority
string to match the default priority string. It doesn't make sense to try
to set the same string twice--if it failed the first time it's going to
fail the second time. Anyway, that's minor and not really important.
--
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:8>
Pidgin <https://pidgin.im>
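
The NORMAL versus SECURE128 comparison made in the comment above can be reproduced on any host with `gnutls-cli --list --priority`. The script below is an added example, not part of the ticket or of Pidgin's code; the helper names and the `GNUTLS_CLI` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the cipher suites enabled by two GnuTLS priority
# strings. Helper names and the GNUTLS_CLI variable are hypothetical.
GNUTLS_CLI="${GNUTLS_CLI:-gnutls-cli}"

# Read `gnutls-cli --list` output on stdin and print the suite names in
# preference order. Suite lines start with "TLS_"; the header line and the
# trailing summary lines (protocols, ciphers, MACs, ...) are skipped.
suite_names() {
    awk '/^TLS_/ { print $1 }'
}

# Print the suites a priority string enables. Returns 1 when the CLI
# exits non-zero, which is how a rejected priority string shows up here.
list_suites() {
    out=$("$GNUTLS_CLI" --list --priority "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out" | suite_names
}

# Print suites enabled by priority string $1 that $2 no longer enables.
dropped_suites() {
    old=$(list_suites "$1") || return 1
    new=$(list_suites "$2") || return 1
    # -x whole-line, -F fixed strings, -v invert: keep old lines absent from new
    printf '%s\n' "$old" | grep -vxF -- "$new" || true
}

# Exit 0 when the suites common to both strings keep the same preference
# order, 1 when the order differs, 2 when either string is rejected.
same_order() {
    old=$(list_suites "$1") || return 2
    new=$(list_suites "$2") || return 2
    a=$(printf '%s\n' "$old" | grep -xF -- "$new" || true)  # common, old order
    b=$(printf '%s\n' "$new" | grep -xF -- "$old" || true)  # common, new order
    [ "$a" = "$b" ]
}

# Run the comparison from the ticket when gnutls-cli is installed.
if command -v "$GNUTLS_CLI" >/dev/null 2>&1; then
    before='NORMAL:%SSL3_RECORD_VERSION'
    after='SECURE128:-RSA:+RSA:!DHE-DSS:%SSL3_RECORD_VERSION'
    echo "Suites dropped by the patched string:"
    dropped_suites "$before" "$after" || echo "priority string rejected" >&2
    same_order "$before" "$after" || echo "order of common suites differs (or string rejected)"
fi
```

The result depends on the installed GnuTLS version, as the comment observes for 2.12.23 and 3.2.11, and `gnutls-cli --list` prints GnuTLS's own suite names rather than the IANA-style names listed in the comment.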