[Bug 71304] New: prefer PFS cipher suites and TLS 1.2; optionally disable SSLv3, SSLv2
bugzilla-daemon at freedesktop.org
Wed Nov 6 05:53:16 PST 2013
https://bugs.freedesktop.org/show_bug.cgi?id=71304
Priority: medium
Bug ID: 71304
Keywords: love
Assignee: telepathy-bugs at lists.freedesktop.org
Summary: prefer PFS cipher suites and TLS 1.2; optionally disable SSLv3, SSLv2
QA Contact: telepathy-bugs at lists.freedesktop.org
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: simon.mcvittie at collabora.co.uk
Hardware: Other
Status: NEW
Version: git master
Component: gabble
Product: Telepathy
https://github.com/stpeter/manifesto/blob/master/manifesto.txt says:

  o prefer the latest version of TLS (TLS 1.2)
  o disable support for the older and less secure SSL standard
    (SSLv2 and SSLv3)
  o provide configuration options to require channel encryption for
    client-to-server and server-to-server connections
  o provide configuration options to prefer or require cipher
    suites that enable forward secrecy

We should do that.
For interop with defective corporate XMPP servers, we should probably offer a
boolean allow-ssl3 parameter, and perhaps an allow-ssl2 parameter too. They can
be off by default, hopefully.
I hope we won't need an allow-tls1.2 parameter (on by default) for interop with
servers that choke on that... but perhaps we will.
We'll eventually need allow-tls1.1 and allow-tls1.0 parameters, probably. While
we're adding things we might as well complete the set!
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
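
The parameter scheme proposed in the report, sketched with Python's standard ssl module as an added example (not Gabble's code and not its TLS backend); the function names, the underscore spelling of the allow_* parameters and the cipher string are assumptions made for this illustration. It also covers a case that per-version booleans raise: a minimum/maximum version API cannot express a gap such as TLS 1.0 allowed while TLS 1.1 is not.

```python
import ssl

# Authenticated ephemeral (forward-secret) key exchange only, GCM/ChaCha20 first.
# The plain AES entries exist so a TLS 1.0/1.1 handshake still has a usable suite.
FS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:ECDHE+AES:DHE+AES"

# Oldest first. ssl.TLSVersion has no SSLv2 member, so allow-ssl2 has no
# equivalent in this sketch.
LEGACY = [
    ("allow_ssl3", ssl.TLSVersion.SSLv3),
    ("allow_tls1_0", ssl.TLSVersion.TLSv1),
    ("allow_tls1_1", ssl.TLSVersion.TLSv1_1),
]


def protocol_floor(**allow):
    """Lowest protocol version permitted by the allow_* booleans (default off)."""
    unknown = set(allow) - {name for name, _ in LEGACY}
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    floor = ssl.TLSVersion.TLSv1_2
    gap = False
    for name, version in reversed(LEGACY):  # newest legacy version first
        if not allow.get(name, False):
            gap = True
        elif gap:
            # minimum_version/maximum_version describe one contiguous range.
            raise ValueError(f"{name} is on but a newer version is off")
        else:
            floor = version
    return floor


def make_context(**allow):
    """Client context: TLS 1.2+ unless lowered, forward-secret suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # cert + hostname checks on
    # An OpenSSL build without the requested legacy protocol may reject this.
    ctx.minimum_version = protocol_floor(**allow)
    # Applies to TLS 1.2 and older; TLS 1.3 suites are always forward secret.
    ctx.set_ciphers(FS_CIPHERS)
    return ctx


if __name__ == "__main__":
    ctx = make_context()
    print(ctx.minimum_version.name, [c["name"] for c in ctx.get_ciphers()][:4])
```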