mirror of
git://git.psyced.org/git/psyced
synced 2024-08-15 03:25:10 +00:00
special hack for pidgin that in late 2013 still doesn't provide forward secrecy
This commit is contained in:
parent
fe6d78ed9b
commit
202bfdd99a
1 changed files with 4 additions and 2 deletions
|
@ -169,12 +169,14 @@ int tls_check_service_identity(string name, mixed cert, string scheme) {
|
||||||
}
|
}
|
||||||
|
|
||||||
string tls_bad_cipher(object sock, string scheme) {
|
string tls_bad_cipher(object sock, string scheme) {
|
||||||
// we can't expect that degree of privacy from jabber, for now
|
// ignore if pidgin uses a bad cipher over an ssh tunnel
|
||||||
//if (scheme == "xmpp") return 0;
|
if (scheme == "jabber" && is_localhost(query_ip_number(sock))) return 0;
|
||||||
|
|
||||||
mixed t = tls_query_connection_info(sock);
|
mixed t = tls_query_connection_info(sock);
|
||||||
unless (t) return "NO-CIPHER"; // shouldnt happen
|
unless (t) return "NO-CIPHER"; // shouldnt happen
|
||||||
t = t[TLS_CIPHER];
|
t = t[TLS_CIPHER];
|
||||||
P3(("%O is using the %O cipher.\n", sock, t))
|
P3(("%O is using the %O cipher.\n", sock, t))
|
||||||
|
|
||||||
// shouldn't our negotiation have ensured we have PFS?
|
// shouldn't our negotiation have ensured we have PFS?
|
||||||
if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
|
if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
|
||||||
monitor_report("_warning_circuit_encryption_cipher_details",
|
monitor_report("_warning_circuit_encryption_cipher_details",
|
||||||
|
|
Loading…
Reference in a new issue