Mercurial > pidgin.yaz
changeset 24112:0006181485ea
Enable a number of default-disabled strong ciphers for NSS.
For some reason the NSS default US Domestic policy does not enable a
number of strong ciphers which are entirely reasonable, and in fact
may be preferred. (E.g. those using SHA over MD5.)
This patch enables all available AES, 3DES, and RC4 ciphers which are
not enabled by default.
Thanks to Marcus Trautwig for this.
Fixes #1435
author | Ethan Blanton <elb@pidgin.im> |
---|---|
date | Tue, 23 Sep 2008 17:36:13 +0000 |
parents | 14915e96311e |
children | a29ae9a5c311 6c8f5ebbb6b7 |
files | COPYRIGHT ChangeLog libpurple/plugins/ssl/ssl-nss.c |
diffstat | 3 files changed, 16 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/COPYRIGHT Tue Sep 23 08:33:34 2008 +0000 +++ b/COPYRIGHT Tue Sep 23 17:36:13 2008 +0000 @@ -425,6 +425,7 @@ Gal Topper Chris Toshok Ken Tossell +Marcus Trautwig Tom Tromey Todd Troxell Brad Turcotte
--- a/ChangeLog Tue Sep 23 08:33:34 2008 +0000 +++ b/ChangeLog Tue Sep 23 17:36:13 2008 +0000 @@ -5,6 +5,8 @@ * Restored the "Has You" feature to the MSN protocol tooltips. * Fixed a crash on removing a custom buddy icon on a buddy. * Fixed a crash caused by certain self-signed SSL certificates. + * Enable a number of strong ciphers which were previously disabled + when using NSS. (Thanks to Marcus Trautwig.) Pidgin: * The status selector now saves your message when changing status.
--- a/libpurple/plugins/ssl/ssl-nss.c Tue Sep 23 08:33:34 2008 +0000 +++ b/libpurple/plugins/ssl/ssl-nss.c Tue Sep 23 17:36:13 2008 +0000 @@ -141,6 +141,19 @@ g_free(lib); NSS_SetDomesticPolicy(); + SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1); + SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1); + SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1); + SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1); + SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1); + SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1); + SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1); + SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1); + SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1); + SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1); + SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1); + SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1); + _identity = PR_GetUniqueIdentity("Purple"); _nss_methods = PR_GetDefaultIOMethods(); }