pidgin.yaz: libpurple/plugins/ssl/ssl-nss.c comparison

comparison libpurple/plugins/ssl/ssl-nss.c @ 24112:0006181485ea

Enable a number of default-disabled strong ciphers for NSS. For some reason the NSS default US Domestic policy does not enable a number of strong ciphers which are entirely reasonable, and in fact may be preferred. (E.g. those using SHA over MD5.) This patch enables all available AES, 3DES, and RC4 ciphers which are not enabled by default. Thanks to Marcus Trautwig for this. Fixes #1435

author	Ethan Blanton <elb@pidgin.im>
date	Tue, 23 Sep 2008 17:36:13 +0000
parents	67cb8706a2f2
children	e39cafdbe089

comparison

equal deleted inserted replaced

-:14915e96311e
+:0006181485ea
 	lib = g_strdup("nssckbi.dll");
 #endif
 	SECMOD_AddNewModule("Builtins", lib, 0, 0);
 	g_free(lib);
 	NSS_SetDomesticPolicy();
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }

Mercurial > pidgin.yaz

comparison libpurple/plugins/ssl/ssl-nss.c @ 24112:0006181485ea