author | Yorhel <git@yorhel.nl> | 2015-02-21 08:59:06 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2015-02-21 08:59:06 +0100 |
commit | 249c0f8ee5c1cc79b944208877538a508edcc5d0 (patch) | |
tree | a7f2d311289968f08013b8bdea9f6300e8708fa8 | |
parent | 55616ac0ecb65fcbd8f9fd06d0824d76e014d6bb (diff) |
Disable RC4 ciphers by default from tls_priority

I can't say I'm a huge fan of referencing specific ciphers and features
in the default tls_priority setting for two reasons:

1. If the particular feature isn't supported by the GnuTLS version being
   used, it will cause GnuTLS to return with an error during connect and
   all TLS activity will fail.
2. I am not an authority in figuring out which ciphers are "secure
   enough", nor do I have any clue as to which settings may cause
   issues with compatibility. GnuTLS has a "NORMAL" setting for a
   reason.

As for (1), I think it's safe to assume every GnuTLS library has support
for RC4, considering its wide-spread use. Though if RC4 is ever removed,
ncdc will break.

For (2), it's unfortunate that the "NORMAL" setting doesn't exclude RC4
already. Likely for compatibility reasons in the context of HTTPS. All
DC clients and hubs ought to support better ciphers so it shouldn't be
an issue for us to exclude it.

Fixes bug #73: http://dev.yorhel.nl/ncdc/bug/73

-rw-r--r-- | src/vars.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -990,7 +990,7 @@ struct var_t { V(slots, 1,0, f_int, p_int_ge1, NULL, NULL, s_hubinfo, "10")\ V(sudp_policy, 1,0, f_sudp_policy, p_sudp_policy, su_sudp_policy,g_sudp_policy,s_sudp_policy, G_STRINGIFY(VAR_SUDPP_PREFER))\ V(tls_policy, 1,1, f_tls_policy, p_tls_policy, su_tls_policy, g_tls_policy, s_tls_policy, G_STRINGIFY(VAR_TLSP_PREFER))\ - V(tls_priority, 1,0, f_id, p_tls_priority, su_old, NULL, NULL, "NORMAL")\ + V(tls_priority, 1,0, f_id, p_tls_priority, su_old, NULL, NULL, "NORMAL:-ARCFOUR-40:-ARCFOUR-128")\ V(ui_time_format, 1,0, f_id, p_id, su_old, NULL, NULL, "[%H:%M:%S]")\ V(upload_rate, 1,0, f_speed, p_speed, NULL, NULL, NULL, NULL) |
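
Review bot: the new default on the `+ V(tls_priority, ...)` line hard-codes the cipher names `-ARCFOUR-40` and `-ARCFOUR-128`, and the commit message states that a name the linked GnuTLS does not support makes it return an error during connect so that all TLS activity fails; nothing in this hunk adds a fallback for that case. Consider checking the default priority string once at startup and falling back to "NORMAL" with a logged warning if GnuTLS rejects it, so that a GnuTLS build without RC4 degrades to the library default instead of breaking every TLS connection. A short comment beside the row pointing at bug #73 would also record why these two ciphers are excluded, since the V(...) table entry itself carries no explanation.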