ChronosXYZ/psyced
1
0
Fork 0
mirror of https://github.com/ChronosX88/psyced.git synced 2024-11-09 20:11:00 +00:00
Code Issues Projects Releases Wiki Activity

special hack for pidgin that in late 2013 still doesn't provide forward secrecy

Browse Source
This commit is contained in:
The TorPSYC Team 2013-11-16 01:52:31 +01:00
parent fe6d78ed9b
commit 202bfdd99a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
world/net/library/tls.c
View File

@ -169,12 +169,14 @@ int tls_check_service_identity(string name, mixed cert, string scheme) {
} }
string tls_bad_cipher(object sock, string scheme) { string tls_bad_cipher(object sock, string scheme) {
// we can't expect that degree of privacy from jabber, for now // ignore if pidgin uses a bad cipher over an ssh tunnel
//if (scheme == "xmpp") return 0; if (scheme == "jabber" && is_localhost(query_ip_number(sock))) return 0;
mixed t = tls_query_connection_info(sock); mixed t = tls_query_connection_info(sock);
unless (t) return "NO-CIPHER"; // shouldnt happen unless (t) return "NO-CIPHER"; // shouldnt happen
t = t[TLS_CIPHER]; t = t[TLS_CIPHER];
P3(("%O is using the %O cipher.\n", sock, t)) P3(("%O is using the %O cipher.\n", sock, t))
// shouldn't our negotiation have ensured we have PFS? // shouldn't our negotiation have ensured we have PFS?
if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) { if (stringp(t) &&! (abbrev("DHE", t) || abbrev("ECDHE", t))) {
monitor_report("_warning_circuit_encryption_cipher_details", monitor_report("_warning_circuit_encryption_cipher_details",