[Pidgin] #8061: Let the user select trusted ciphers for TLS
Pidgin
trac at pidgin.im
Wed Jan 29 08:16:15 EST 2014
#8061: Let the user select trusted ciphers for TLS
-------------------------+------------------------
Reporter: ben | Owner:
Type: enhancement | Status: new
Milestone: | Component: libpurple
Version: 2.5.3 | Resolution:
Keywords: ssl, tls |
-------------------------+------------------------
Comment (by elrond):
== General ==
With the current developments, it would be really good to have this. I
don't want to offer MD5 or RC4 to any server these days.
== Cipher Suites ==
That said, it probably would be good to also be able to change the order
of ciphers. The order I have seen on debian backport's pidgin is like:
1. TLS_RSA_WITH_AES_256_CBC_SHA
2. TLS_DHE_RSA_WITH_AES_256_CBC_SHA
3. TLS_DHE_RSA_WITH_AES_128_CBC_SHA
With good DH params, one would really prefer 2 instead of 1 for forward
secrecy (yes, OTR makes things better, but that's not the topic here).
== Protocol Versions ==
NSS 3.14 (shipped in debian)
[https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes supports TLS 1.1],
while the handshake happening on the wire only indicates 1.0. Please offer the maximum
version supported by NSS to the server. TLS 1.1 fixes some issues and 1.2
brings the GCM ciphers.
--
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:1>
Pidgin <https://pidgin.im>
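
The three checks raised in the comment above (RC4/MD5 on offer, a non-forward-secret first preference, and a ClientHello capped at TLS 1.0) can be run against a captured ClientHello record. This is an added example, not code from the ticket or from Pidgin; the function names are hypothetical and the sample bytes are constructed by `build_sample`.

```python
# IANA IDs for the three suites listed in the ticket, plus two RC4 suites.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_client_hello(record):
    """Return (max offered version, suite names in preference order) from one record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    version = VERSIONS.get((hello[0], hello[1]), "unknown")
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + hello[pos]             # skip session_id
    n = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("truncated cipher suite list")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    return version, [SUITES.get(i, "0x%04X" % i) for i in ids]

def audit(record):
    """Findings for the ticket's three concerns; unknown suite IDs are not judged."""
    version, suites = parse_client_hello(record)
    findings = []
    if version == "TLS 1.0":
        findings.append("client_version is capped at TLS 1.0")
    weak = [s for s in suites if "RC4" in s or s.endswith("MD5")]
    if weak:
        findings.append("offers RC4/MD5: " + ", ".join(weak))
    if suites and not suites[0].startswith("0x") and "DHE_" not in suites[0]:
        findings.append("first preference %s lacks forward secrecy" % suites[0])
    return findings

def build_sample(suite_ids, version=(3, 1)):
    """Constructed ClientHello: zero random, no session id, no extensions."""
    suites = b"".join(i.to_bytes(2, "big") for i in suite_ids)
    hello = (bytes(version) + bytes(32) + b"\x00"
             + len(suites).to_bytes(2, "big") + suites + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(audit(build_sample([0x0035, 0x0039, 0x0033])))
```

The parser expects the whole ClientHello in a single TLS record and reads only the fields up to the cipher suite list, so extensions are ignored.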