[Pidgin] #15861: Disable SSLv3

Pidgin trac at pidgin.im
Tue Jan 14 04:55:39 EST 2014


#15861: Disable SSLv3
---------------------------+--------------------
 Reporter:  fedor.brunner  |      Owner:  deryni
     Type:  defect         |     Status:  new
Milestone:                 |  Component:  XMPP
  Version:  2.10.7         |   Keywords:
---------------------------+--------------------
 Hi,
 Pidgin is currently supporting SSL3.0 and TLS1.0 for encrypted
 connections. Because an active attacker can force Pidgin to downgrade
 TLS1.0 to SSL3.0 connection we should disable SSL3.0.

 http://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-
 protocol-downgrade-attacks

 According to reports from
 https://xmpp.net/reports.php
 TLS 1.0 protocol is supported on 99.5% of public XMPP servers

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15861>
Pidgin <https://pidgin.im>
Pidgin


More information about the Tracker mailing list