[Pidgin] #16405: "Advanced" XMPP settings for encryption too vague

Pidgin trac at pidgin.im
Thu Oct 23 18:43:41 EDT 2014

#16405: "Advanced" XMPP settings for encryption too vague
 Reporter:  smu johnson  |      Owner:  deryni
     Type:  enhancement  |     Status:  new
Milestone:               |  Component:  XMPP
  Version:  2.10.9       |   Keywords:  XMPP Advanced tab ssl tls

 Something I've noticed for years now, but decided to make mention today
 (after all the news with Heartbleed, Poodle, etc):

 Could Pidgin's Advanced Settings be remodeled to be more detailed as to
 what protocol it is actually using or which it will "pick first" for
 certain protocols, namely: XMPP?

 Right now, it just says "Require encryption" which tells you nothing about
 what version of SSL or TLS it is using.  When you click it to see other
 options, you also have a line saying "Use old-style SSL", which doesn't
 help explain anything any better.  What on earth does "old-style" mean?
 Sounds like a pancake recipe.  I suppose to find out, one has to dig
 through the source code.  Personally, it seems like it makes more sense
 just to tell you what it's doing and what it isn't doing in no uncertain

 As far as I can tell, 4 common choices you'd expect to see might be:
 SSLv3 (well, probably not as of this writing), TLSv1.0, TLSv1.1, TLS1.2,
 and maybe in the future, TLSv1.2.  Even a cute checkbox system where you
 could pick which protocols to allow or disallow, might be an improvement,
 since you can tell right away that it can disable something like SSLv3, or
 any others down the road should the other protocols share the same fate.

 Thanks for reading.

Ticket URL: <https://developer.pidgin.im/ticket/16405>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list