[Pidgin] #16262: Enabled ciphers in NSS unnecessarily limited

Pidgin trac at pidgin.im
Sat Nov 1 07:11:08 EDT 2014

#16262: Enabled ciphers in NSS unnecessarily limited
 Reporter:  asjoegren  |       Owner:  EionRobb
     Type:  defect     |      Status:  new
Milestone:             |   Component:  libpurple
  Version:  2.10.10    |  Resolution:
 Keywords:  ssl nss    |

Comment (by asjoegren):

 Replying to [comment:16 datallah]:
 > I wrote a plugin (https://pidgin.im/~datallah/nss-prefs.c) that allows
 customization of the NSS cipher suites.


 Shouldn't Pidgin by default enable the ciphers with forward secrecy, and
 disable RC4, though? It seems to be the case for GnuTLS in the ticket you
 mention, #8061.

 > It still won't work with your server because now you have it configured
 to only use the following cipher suites, which NSS doesn't support:
 > {{{
 > ECDHE-RSA-AES256-GCM-SHA384 (0xc030)
 > ECDHE-RSA-AES256-SHA384 (0xc028)
 > }}}

 That is odd, GnuTLS and OpenSSL support them fine. I did not mean to cut
 it down to quite so few ciphers, though, so I'll adjust my configuration
 and your plugin will come in handy.

 Thanks for looking into this!

Ticket URL: <https://developer.pidgin.im/ticket/16262#comment:17>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list