[Pidgin] #8061: Let the user select trusted ciphers for TLS

Pidgin trac at pidgin.im
Wed Jan 29 08:16:15 EST 2014


#8061: Let the user select trusted ciphers for TLS
-------------------------+------------------------
 Reporter:  ben          |       Owner:
     Type:  enhancement  |      Status:  new
Milestone:               |   Component:  libpurple
  Version:  2.5.3        |  Resolution:
 Keywords:  ssl, tls     |
-------------------------+------------------------

Comment (by elrond):

 == General ==
 With the current developments, it would be really good to have this. I
 don't want to offer MD5 or RC4 to any server these days.

 == Cipher Suites ==
 That said, it probably would be good to also be able to change the order
 of ciphers. The order I have seen on debian backport's pidgin is like:
 1. TLS_RSA_WITH_AES_256_CBC_SHA
 2. TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 3. TLS_DHE_RSA_WITH_AES_128_CBC_SHA

 With good DH params, one would really prefer 2 instead of 1 for forward
 secrecy (yes, OTR makes things better, but that's not the topic here).

 == Protocol Versions ==
 NSS 3.14 (shipped in debian)
 [https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes supports TLS 1.1],
 while the handshake happening on the wire only indicates 1.0. Please offer
 the maximum version supported by NSS to the server. TLS 1.1 fixes some
 issues and 1.2 brings the GCM ciphers.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:1>
Pidgin <https://pidgin.im>
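
The cipher selection and ordering requested in the comment above, as an added example that is not part of the original ticket and is not Pidgin or NSS code: it drops suites that use MD5 or RC4 and moves forward-secret (DHE/ECDHE) suites ahead of static-RSA ones while keeping the relative order otherwise. The function names and the two RC4 entries in the sample list are constructed for illustration.

```python
# Added illustration only; names below are hypothetical, not libpurple/NSS APIs.
FORWARD_SECRET_KX = ("DHE", "ECDHE")   # ephemeral key exchanges
BLOCKED_TOKENS = ("MD5", "RC4")        # the two algorithms named in the comment


def parse_suite(name):
    """Split TLS_<kx>_WITH_<cipher...> into (kx tokens, cipher/MAC tokens)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS 1.0-1.2 style suite name: %r" % name)
    kx_part, cipher_part = name[len("TLS_"):].split("_WITH_", 1)
    return kx_part.split("_"), cipher_part.split("_")


def is_forward_secret(name):
    """True when the key exchange is ephemeral (DHE_* or ECDHE_*)."""
    kx_tokens, _ = parse_suite(name)
    return kx_tokens[0] in FORWARD_SECRET_KX


def uses_blocked(name, blocked=BLOCKED_TOKENS):
    """True when the bulk cipher or MAC is one of the blocked algorithms."""
    _, cipher_tokens = parse_suite(name)
    return any(tok in blocked for tok in cipher_tokens)


def apply_policy(offered, blocked=BLOCKED_TOKENS):
    """Drop blocked suites, then put forward-secret suites first.

    sorted() is stable, so suites in the same class keep the order
    in which the TLS library offered them.
    """
    kept = [s for s in offered if not uses_blocked(s, blocked)]
    return sorted(kept, key=lambda s: not is_forward_secret(s))


# First three entries: the order quoted in the comment.
# Last two: constructed sample entries to exercise the MD5/RC4 filter.
OBSERVED = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
]

if __name__ == "__main__":
    for rank, suite in enumerate(apply_policy(OBSERVED), 1):
        print(rank, suite)
```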