[Pidgin] #16262: Enabled ciphers in NSS unnecessarily limited
Pidgin
trac at pidgin.im
Sat Nov 1 07:11:08 EDT 2014
#16262: Enabled ciphers in NSS unnecessarily limited
-----------------------+------------------------
Reporter: asjoegren | Owner: EionRobb
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.10 | Resolution:
Keywords: ssl nss |
-----------------------+------------------------
Comment (by asjoegren):
Replying to [comment:16 datallah]:
> I wrote a plugin (https://pidgin.im/~datallah/nss-prefs.c) that allows
customization of the NSS cipher suites.
Cool!
Shouldn't Pidgin by default enable the ciphers with forward secrecy, and
disable RC4, though? It seems to be the case for GnuTLS in the ticket you
mention, #8061.
> It still won't work with your server because now you have it configured
to only use the following cipher suites, which NSS doesn't support:
> {{{
> ECDHE-RSA-AES256-GCM-SHA384 (0xc030)
> ECDHE-RSA-AES256-SHA384 (0xc028)
> }}}
That is odd, GnuTLS and OpenSSL support them fine. I did not mean to cut
it down to quite so few ciphers, though, so I'll adjust my configuration
and your plugin will come in handy.
Thanks for looking into this!
--
Ticket URL: <https://developer.pidgin.im/ticket/16262#comment:17>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list