Task #8381

PRIVACY & SECURITY: Unable to connect with XMPP servers that require use of strong ciphers that support forward secrecy

Added by Anonymous 6 months ago.

Status:NewStart date:08/14/2016
Priority:HighDue date:
Assignee:Anonymous% Done:


Target version:Orfox RC


Attempts to connect to XMPP servers that require explicit use of Forward Secrecy Cipher Suite(s) fail. ChatSecure Android client does not appear to support PFS ciphers.

Specifically, the following standard Forward Secrecy Cipher Suite(s) appear missing from ChatSecure:
ECDHE-ECDSA-AES256-GCM-SHA384 (0xc02c)
ECDHE-ECDSA-AES256-SHA384 (0xc024)
ECDHE-ECDSA-AES128-GCM-SHA256 (0xc02b)

I have setup an (intermittently available) test server that only supports these higher ciphers so that you may independently verify if need be.
IM Observatory test results to test server (and server details) - https://xmpp.net/result.php?id=434489
While TLS negotiation fails with ChatSecure:Android, it remains successful with desktop xmpp client such as PSI.

Support for standard PFS ciphers is requested as part of the standard privacy & security model to which ChatSecure prescribes.

tmp_7442-0001942048903360.pdf (34.7 KB) Anonymous, 03/03/2017 01:24 am

Related issues

Copied from Orfox Private Browser - Task #8207: PRIVACY & SECURITY: Unable to connect with XMPP servers ... New 08/14/2016

Also available in: Atom PDF