Task #8381
PRIVACY & SECURITY: Unable to connect with XMPP servers that require use of strong ciphers that support forward secrecy
Status: | New | Start date: | 08/14/2016 | |
---|---|---|---|---|
Priority: | High | Due date: | ||
Assignee: | Anonymous | % Done: | 100% | |
Category: | - | |||
Target version: | Orfox RC | |||
Component: |
Description
Attempts to connect to XMPP servers that require explicit use of Forward Secrecy Cipher Suite(s) fail. ChatSecure Android client does not appear to support PFS ciphers.
Specifically, the following standard Forward Secrecy Cipher Suite(s) appear missing from ChatSecure:
ECDHE-ECDSA-AES256-GCM-SHA384 (0xc02c)
ECDHE-ECDSA-AES256-SHA384 (0xc024)
ECDHE-ECDSA-AES128-GCM-SHA256 (0xc02b)
I have setup an (intermittently available) test server that only supports these higher ciphers so that you may independently verify if need be.
IM Observatory test results to test server (and server details) - https://xmpp.net/result.php?id=434489
While TLS negotiation fails with ChatSecure:Android, it remains successful with desktop xmpp client such as PSI.
Support for standard PFS ciphers is requested as part of the standard privacy & security model to which ChatSecure prescribes.
Related issues