diff libpurple/plugins/ssl/ssl-nss.c @ 24112:0006181485ea

Enable a number of default-disabled strong ciphers for NSS. For some reason the NSS default US Domestic policy does not enable a number of strong ciphers which are entirely reasonable, and in fact may be preferred. (E.g. those using SHA over MD5.) This patch enables all available AES, 3DES, and RC4 ciphers which are not enabled by default. Thanks to Marcus Trautwig for this. Fixes #1435
author Ethan Blanton <elb@pidgin.im>
date Tue, 23 Sep 2008 17:36:13 +0000
parents 67cb8706a2f2
children e39cafdbe089
--- a/libpurple/plugins/ssl/ssl-nss.c	Tue Sep 23 08:33:34 2008 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Tue Sep 23 17:36:13 2008 +0000
@@ -141,6 +141,19 @@
 	g_free(lib);
 	NSS_SetDomesticPolicy();
 
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
+	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }
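Review bot: The last two added calls enable `SSL_DHE_RSA_WITH_DES_CBC_SHA` and `SSL_DHE_DSS_WITH_DES_CBC_SHA`, which are single-DES suites with a 56-bit key, not 3DES. The commit description names only AES, 3DES and RC4 as the strong ciphers to turn on, so these two lines look unintended and I would drop them to keep a peer from negotiating the session down to 56-bit DES. The return value of every `SSL_CipherPrefSetDefault` call is also discarded, so a suite the linked NSS build rejects fails silently; checking for `!= SECSuccess` and logging the suite through `purple_debug_warning` would make that visible. The enclosing init function starts outside the hunk, so any existing error handling there is not visible from here.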