[Pidgin] #15861: Disable SSLv3
Pidgin
trac at pidgin.im
Tue Jan 14 04:55:39 EST 2014
#15861: Disable SSLv3
---------------------------+--------------------
Reporter: fedor.brunner | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.7 | Keywords:
---------------------------+--------------------
Hi,
Pidgin is currently supporting SSL3.0 and TLS1.0 for encrypted
connections. Because an active attacker can force Pidgin to downgrade
TLS1.0 to SSL3.0 connection we should disable SSL3.0.
http://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-
protocol-downgrade-attacks
According to reports from
https://xmpp.net/reports.php
TLS 1.0 protocol is supported on 99.5% of public XMPP servers
--
Ticket URL: <https://developer.pidgin.im/ticket/15861>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list