mirror of git://git.psyced.org/git/psyced synced 2024-08-15 03:25:10 +00:00

meaningful forward secrecy info

The TorPSYC Team 2013-11-16 01:26:32 +01:00
parent ec6ccbfc4f
commit fe6d78ed9b
8 changed files with 37 additions and 27 deletions


@ -168,19 +168,19 @@ int tls_check_service_identity(string name, mixed cert, string scheme) {
return 0;
}
int tls_check_cipher(object sock, string scheme) {
string t;
mixed m = tls_query_connection_info(sock);
P3(("%O is using the %O cipher.\n", sock, m[TLS_CIPHER]))
string tls_bad_cipher(object sock, string scheme) {
// we can't expect that degree of privacy from jabber, for now
//if (scheme == "xmpp") return 0;
mixed t = tls_query_connection_info(sock);
unless (t) return "NO-CIPHER"; // shouldnt happen
t = t[TLS_CIPHER];
P3(("%O is using the %O cipher.\n", sock, t))
// shouldn't our negotiation have ensured we have PFS?
if (stringp(t = m[TLS_CIPHER]) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
monitor_report("_warning_circuit_encryption_cipher_details",
object_name(sock) +" · using "+ t +" cipher");
// we can't expect that degree of privacy from jabber, for now
if (scheme != "xmpp") return 0;
return t;
}
return 1;
return 0;
}
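Review bot: tls_bad_cipher fails open when the cipher name is not a string: after `t = t[TLS_CIPHER];` a non-string value skips the `stringp(t)` branch and reaches `return 0;`, which under the new convention means the cipher is acceptable. "NO-CIPHER" is returned only when tls_query_connection_info() yields nothing at all. Adding `unless (stringp(t)) return "NO-CIPHER";` right after the assignment would report an unknown cipher instead of treating it as forward-secret. The return value also flipped meaning relative to tls_check_cipher (non-zero now means bad), so a header comment such as `// returns 0 if the cipher offers forward secrecy, else the offending cipher name` would help. The callers are outside this hunk, so whether they all follow the new convention cannot be checked from here.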