# HG changeset patch
# User Ethan Blanton
# Date 1222191373 0
# Node ID 0006181485ea86348366584a2963ec5bcda10954
# Parent 14915e96311e86f94f5beca9ba93aa7cbc9192af
Enable a number of default-disabled strong ciphers for NSS. For some reason the NSS default US Domestic policy does not enable a number of strong ciphers which are entirely reasonable, and in fact may be preferred. (E.g. those using SHA over MD5.) This patch enables all available AES, 3DES, and RC4 ciphers which are not enabled by default. Thanks to Marcus Trautwig for this. Fixes #1435
diff -r 14915e96311e -r 0006181485ea COPYRIGHT
--- a/COPYRIGHT Tue Sep 23 08:33:34 2008 +0000
+++ b/COPYRIGHT Tue Sep 23 17:36:13 2008 +0000
@@ -425,6 +425,7 @@
 Gal Topper
 Chris Toshok
 Ken Tossell
+Marcus Trautwig
 Tom Tromey
 Todd Troxell
 Brad Turcotte
diff -r 14915e96311e -r 0006181485ea ChangeLog
--- a/ChangeLog Tue Sep 23 08:33:34 2008 +0000
+++ b/ChangeLog Tue Sep 23 17:36:13 2008 +0000
@@ -5,6 +5,8 @@
 * Restored the "Has You" feature to the MSN protocol tooltips.
 * Fixed a crash on removing a custom buddy icon on a buddy.
 * Fixed a crash caused by certain self-signed SSL certificates.
+ * Enable a number of strong ciphers which were previously disabled
+ when using NSS. (Thanks to Marcus Trautwig.)
 Pidgin:
 * The status selector now saves your message when changing status.
diff -r 14915e96311e -r 0006181485ea libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c Tue Sep 23 08:33:34 2008 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c Tue Sep 23 17:36:13 2008 +0000
@@ -141,6 +141,19 @@
 g_free(lib);
 NSS_SetDomesticPolicy();
+ SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
+ SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
+ SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+
 _identity = PR_GetUniqueIdentity("Purple");
 _nss_methods = PR_GetDefaultIOMethods();
 }
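Review bot: The last two added calls enable `SSL_DHE_RSA_WITH_DES_CBC_SHA` and `SSL_DHE_DSS_WITH_DES_CBC_SHA`, which are single-DES suites with a 56-bit key, not the AES, 3DES and RC4 suites the description says this patch turns on. Enabling them by default widens what a peer can negotiate down to a cipher that is no longer considered confidential, so I would drop those two lines. The two RC4 suites (`TLS_DHE_DSS_WITH_RC4_128_SHA`, `SSL_RSA_WITH_RC4_128_SHA`) deserve the same scrutiny on any maintained branch, since RFC 7465 prohibits RC4 in TLS. The `SECStatus` result of every `SSL_CipherPrefSetDefault` call is also discarded and the flag is written as `1`; passing `PR_TRUE` and logging any result other than `SECSuccess` would make a suite that failed to enable visible. The enclosing init function starts outside this hunk, so whether any later code resets these preferences cannot be seen from here.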