Bug #1823
SECURITY: TLS uses weak ciphers to connect
| Status: | Resolved | Start date: | 09/04/2013 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | v14.2 bug fix update! | |||
| Component: |
Description
Please see the results of TLS cipher testing:
https://blog.thijsalkema.de/blog/2013/09/02/the-state-of-tls-on-xmpp-3/
GibberBot currently prefers weak RC4-MD5, RC4-SHA ciphers. Ephemeral suites and elliptic curve modes should be preferred when available, something like:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
History
#1 Updated by n8fr8 over 4 years ago
- Target version set to v12 - March Mantra
#2 Updated by n8fr8 over 4 years ago
- Status changed from New to Feedback
- Target version changed from v12 - March Mantra to v13 - October Oooya
we have patched the ASMACK library to use a custom set of cipher suites, in line with what is deemed best practices. we will further tune and verify this in our next v13 release this month.
#3 Updated by n8fr8 about 4 years ago
- Target version changed from v13 - October Oooya to v14 - Armadillo's Agram
#4 Updated by n8fr8 over 2 years ago
- Target version changed from v14 - Armadillo's Agram to v14.2 bug fix update!
#5 Updated by n8fr8 over 2 years ago
- Status changed from Feedback to Resolved