[Pidgin] #8061: Let the user select trusted ciphers for TLS
Pidgin
trac at pidgin.im
Mon Jul 14 03:34:13 EDT 2014
#8061: Let the user select trusted ciphers for TLS
------------------------------------+------------------------
Reporter: ben | Owner:
Type: enhancement | Status: new
Milestone: Patches Needing Review | Component: libpurple
Version: 2.5.3 | Resolution:
Keywords: ssl, tls |
------------------------------------+------------------------
Comment (by juergenhecht):
Hi guys,
at the moment I use these as my default preferred ciphers in file:
/libpurple/plugins/ssl/ssl-nss.c
{{{
// PFS w/ GCM
SSL_CipherPrefSetDefault(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 1);
// PFS w/ CBC
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
// no PFS
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_GCM_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA256, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/8061#comment:6>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list