[Bug 71304] prefer PFS cipher suites and TLS 1.2; optionally disable SSLv3, SSLv2

bugzilla-daemon at freedesktop.org
Wed Nov 6 06:27:57 PST 2013


https://bugs.freedesktop.org/show_bug.cgi?id=71304

--- Comment #4 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Created attachment 88756
  --> https://bugs.freedesktop.org/attachment.cgi?id=88756&action=edit
[wocky] Use GNUTLS and OpenSSL defaults for cipher/algorithm choice

We're not TLS experts, so we shouldn't be second-guessing the
libraries. In particular, RC4 and TLS stream compression seem to
be rather discredited, and the ENABLE_PREFER_STREAM_CIPHERS
option seems like a potential recipe for disaster.

If a distributor wants to alter the cipher preferences, they can
either patch their OpenSSL/GNUTLS library, patch their Wocky
library, or propose a patch to add configure options that set
the DEFAULT_TLS_OPTIONS or cipher list directly.

---

Here's a starting point for this: leave the configuration up to the experts.


More information about the telepathy-bugs mailing list