[Pidgin] #8061: Let the user select trusted ciphers for TLS
trac at pidgin.im
Sun Aug 17 11:08:01 EDT 2014
#8061: Let the user select trusted ciphers for TLS
Reporter: ben | Owner: MarkDoliner
Type: enhancement | Status: new
Milestone: Patches Needing Review | Component: libpurple
Version: 2.5.3 | Resolution:
Keywords: ssl, tls |
Comment (by belmyst):
Replying to [comment:8 MarkDoliner]:
> There are three changes:
> 1. Switching the initial set of ciphers from NORMAL to SECURE128.
> 2. Deprioritizing RSA ciphers.
> 3. Removing all DHE-DSS ciphers.
> Regarding the first change, in my last comment I said:
> > I'm curious why you chose SECURE128 for gnutls? It seems like that
excludes 256 bit ciphers.
> From my testing that appears to be true in GnuTLS 2.12.23 (possibly a
bug?), but it's ''not'' true in GnuTLS 3.2.11. The behavior in 3.2.11
Strings.html#tab_003aprio_002dkeywords the documentation], which says that
SECURE128 includes 128 and higher.
To workaround this, we could change the priority string to
> And in GnuTLS 3.2.11, using SECURE128 instead of NORMAL does disable a
> - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
> - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
> - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> - TLS_ECDHE_RSA_WITH_RC4_128_SHA
> - TLS_RSA_WITH_3DES_EDE_CBC_SHA
> - TLS_RSA_WITH_RC4_128_SHA
> - TLS_RSA_WITH_RC4_128_MD5
> - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> - TLS_DHE_DSS_WITH_RC4_128_SHA
> So that's cool. It also tweaks the order slightly (nothing too important
--just sorts some 128 bit ciphers ahead of 258 bit ciphers). So switching
from NORMAL to SECURE128 seems fine to me.
That's exactly what I intended, to disable any ciphers using MD5, 3DES or
> Regarding the second and third change (deprioritizing RSA and removing
all DHE-DSS), what's the reason for these?
DHE-DSS is just because I am not aware of any service using it. As it was
my opinion to disable it, I'll be glad to remove that change if it's
Regarding RSA, I wanted to make sure that forward secrecy ciphersuites are
prioritized. If you check Lighttpd's list, the ordering is as follows:
ECDHE-ECDSA, ECDHE-RSA, RSA, DHE-RSA and DHE-DSS.
> I don't see a strong need to change the gnutls ciphers in our 2.x.y
branch. The only cipher which https://www.howsmyssl.com/ complains about
is TLS_DHE_DSS_WITH_RC4_128_SHA, and I think this is actually a bug in
https://www.howsmyssl.com/ (see https://savannah.gnu.org/support/?108577
and https://github.com/jmhodges/howsmyssl/issues/35 and
Using SECURE128 in master (which will eventually be released as 3.0.0)
isn't a bad idea. Though I'm a bit wary in general for us to be specifying
which ciphers we want. I'd prefer for this to happen at a deeper level
(either gnutls decides for us, or the OS decides). That seems like a
better way for Pidgin to seamlessly adapt to changing ciphers without us
needing to be encryption experts.
> Another note about the patch: It changes the final fallback priority
string to match the default priority string. It doesn't make sense to try
to set the same string twice--if it failed the first time it's going to
fail the second time. Anyway, that's minor and not really important.
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:9>
More information about the Tracker