From 202bfdd99a048bc81815f7aeb803e15cef58882b Mon Sep 17 00:00:00 2001
From: The TorPSYC Team
Date: Sat, 16 Nov 2013 01:52:31 +0100
Subject: [PATCH] special hack for pidgin that in late 2013 still doesn't provide forward secrecy

---
 world/net/library/tls.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/world/net/library/tls.c b/world/net/library/tls.c
index f6727ef..d78da17 100644
--- a/world/net/library/tls.c
+++ b/world/net/library/tls.c
@@ -169,12 +169,14 @@ int tls_check_service_identity(string name, mixed cert, string scheme) {
 }
 string tls_bad_cipher(object sock, string scheme) {
- // we can't expect that degree of privacy from jabber, for now
- //if (scheme == "xmpp") return 0;
+ // ignore if pidgin uses a bad cipher over an ssh tunnel
+ if (scheme == "jabber" && is_localhost(query_ip_number(sock))) return 0;
+
 mixed t = tls_query_connection_info(sock);
 unless (t) return "NO-CIPHER"; // shouldnt happen
 t = t[TLS_CIPHER];
 P3(("%O is using the %O cipher.\n", sock, t))
+ // shouldn't our negotiation have ensured we have PFS?
 if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
 monitor_report("_warning_circuit_encryption_cipher_details",