[Pidgin] #8061: Let the user select trusted ciphers for TLS

Pidgin trac at pidgin.im
Sun Aug 17 11:08:01 EDT 2014


#8061: Let the user select trusted ciphers for TLS
------------------------------------+--------------------------
 Reporter:  ben                     |       Owner:  MarkDoliner
     Type:  enhancement             |      Status:  new
Milestone:  Patches Needing Review  |   Component:  libpurple
  Version:  2.5.3                   |  Resolution:
 Keywords:  ssl, tls                |
------------------------------------+--------------------------

Comment (by belmyst):

 Replying to [comment:8 MarkDoliner]:
 > There are three changes:
 > 1. Switching the initial set of ciphers from NORMAL to SECURE128.
 > 2. Deprioritizing RSA ciphers.
 > 3. Removing all DHE-DSS ciphers.
 >
 > Regarding the first change, in my last comment I said:
 > > I'm curious why you chose SECURE128 for gnutls? It seems like that
 excludes 256 bit ciphers.
 > From my testing that appears to be true in GnuTLS 2.12.23 (possibly a
 bug?), but it's ''not'' true in GnuTLS 3.2.11. The behavior in 3.2.11
 matches [http://gnutls.org/manual/html_node/Priority-Strings.html#tab_003aprio_002dkeywords the documentation],
 which says that SECURE128 includes 128 and higher.

 To work around this, we could change the priority string to
 {{{SECURE256:SECURE128:-RSA:+RSA:!DHE-DSS:%SSL3_RECORD_VERSION}}}.

 > And in GnuTLS 3.2.11, using SECURE128 instead of NORMAL does disable a
 few ciphers:
 > - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 > - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 > - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 > - TLS_ECDHE_RSA_WITH_RC4_128_SHA
 > - TLS_RSA_WITH_3DES_EDE_CBC_SHA
 > - TLS_RSA_WITH_RC4_128_SHA
 > - TLS_RSA_WITH_RC4_128_MD5
 > - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 > - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 > - TLS_DHE_DSS_WITH_RC4_128_SHA
 > So that's cool. It also tweaks the order slightly (nothing too important
 --just sorts some 128 bit ciphers ahead of 258 bit ciphers). So switching
 from NORMAL to SECURE128 seems fine to me.

 That's exactly what I intended, to disable any ciphers using MD5, 3DES or
 RC4.

 > Regarding the second and third change (deprioritizing RSA and removing
 all DHE-DSS), what's the reason for these?

 DHE-DSS is just because I am not aware of any service using it. As it was
 my opinion to disable it, I'll be glad to remove that change if it's
 needed.
 Regarding RSA, I wanted to make sure that forward secrecy ciphersuites are
 prioritized. If you check Lighttpd's list, the ordering is as follows:
 ECDHE-ECDSA, ECDHE-RSA, RSA, DHE-RSA and DHE-DSS.

 > I don't see a strong need to change the gnutls ciphers in our 2.x.y
 branch. The only cipher which https://www.howsmyssl.com/ complains about
 is TLS_DHE_DSS_WITH_RC4_128_SHA, and I think this is actually a bug in
 https://www.howsmyssl.com/ (see https://savannah.gnu.org/support/?108577
 and https://github.com/jmhodges/howsmyssl/issues/35 and
 https://github.com/jmhodges/howsmyssl/commit/fe3db64430d4792e0d3be0f60a385dbb6cd6cf1b).
 Using SECURE128 in master (which will eventually be released as 3.0.0)
 isn't a bad idea. Though I'm a bit wary in general for us to be specifying
 which ciphers we want. I'd prefer for this to happen at a deeper level
 (either gnutls decides for us, or the OS decides). That seems like a
 better way for Pidgin to seamlessly adapt to changing ciphers without us
 needing to be encryption experts.
 >
 >
 > Another note about the patch: It changes the final fallback priority
 string to match the default priority string. It doesn't make sense to try
 to set the same string twice--if it failed the first time it's going to
 fail the second time. Anyway, that's minor and not really important.

--
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:9>
Pidgin <https://pidgin.im>
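
Added example, not part of the ticket or of Pidgin's code: a small Python check of the cipher discussion above. It parses the suite names quoted in the comment, confirms each one uses RC4, 3DES or MD5, and models the stated intent of the patch (drop weak suites and DHE-DSS, sort forward-secret key exchanges first). The function names and the OFFERED list are assumptions made for illustration; this does not reproduce how GnuTLS evaluates a priority string.

```python
# The ten suites the comment lists as disabled by SECURE128 in GnuTLS 3.2.11.
DISABLED_BY_SECURE128 = [
    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_RC4_128_SHA",
]

# Constructed sample of suites a client might offer (not from the ticket).
OFFERED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]

def parse(name):
    """Split an IANA-style suite name into key exchange, auth, cipher, hash."""
    left, right = name.split("_WITH_")
    kx_auth = left.split("_")[1:]           # drop the leading "TLS"
    cipher, digest = right.rsplit("_", 1)   # for GCM suites this is the PRF hash
    # Plain "RSA" suites use RSA for both key exchange and authentication.
    return {"kx": kx_auth[0], "auth": kx_auth[-1],
            "cipher": cipher, "hash": digest}

def weak_reasons(name):
    """Return which of RC4 / 3DES / MD5 the suite depends on."""
    s = parse(name)
    reasons = [w for w in ("RC4", "3DES") if s["cipher"].startswith(w)]
    if s["hash"] == "MD5":
        reasons.append("MD5")
    return reasons

def forward_secret(name):
    """Ephemeral (EC)DH key exchange gives forward secrecy; plain RSA does not."""
    return parse(name)["kx"] in ("ECDHE", "DHE")

def apply_policy(suites):
    """Drop weak suites and DHE-DSS, then list forward-secret suites first."""
    kept = [s for s in suites
            if not weak_reasons(s)
            and (parse(s)["kx"], parse(s)["auth"]) != ("DHE", "DSS")]
    return sorted(kept, key=lambda s: not forward_secret(s))  # stable sort

if __name__ == "__main__":
    for suite in DISABLED_BY_SECURE128:
        print(suite, weak_reasons(suite))
    print(apply_policy(OFFERED))
```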