moparisthebest/Conversations
1
0
Fork 0
mirror of https://github.com/moparisthebest/Conversations synced 2024-11-11 19:55:03 -05:00
Code Issues Releases Wiki Activity
67f8ed44bd
Conversations/src/main/java/eu/siacs/conversations
History
Boris Wachtmeister 67f8ed44bd disable all really weak cipher suites 
With #959 all ciphers of the platform were enabled, but this also
includes several suites that are considered as very weak, even down to
NULL- and anon-ciphers which disable completely disable encryption
and/or authentication. Especially the anon-ciphers could be easily used
for a mitm-attack.

To remove all weak ciphers a blacklist with patterns of cipher-names was
added to Config.java. The blacklist is based on the "mandatory discards"
that Mozilla suggests to not use for TLS-servers because they are weak
or known to be broken.
https://wiki.mozilla.org/Security/Server_Side_TLS#Mandatory_discards
2015-03-07 15:48:29 +01:00
..
crypto added typing notifications through XEP-0085. fixed #210 2015-02-21 11:06:52 +01:00
entities added methods to count number of unread messages 2015-03-02 11:53:15 +01:00
generator added typing notifications through XEP-0085. fixed #210 2015-02-21 11:06:52 +01:00
http Use platform ciphers as well, just prefer ours 2015-02-02 11:16:22 -05:00
parser fixed npe in message parser 2015-03-06 21:14:55 +01:00
persistance catching out of memory run time exception in hasEnabledAccounts() 2015-02-28 12:03:53 +01:00
services avoid unnecessary thread creation 2015-03-05 15:46:33 +01:00
ui fixed enter is send option 2015-03-06 22:22:50 +01:00
utils disable all really weak cipher suites 2015-03-07 15:48:29 +01:00
xml Add support for XEP-0191 (Blocking command) 2014-12-22 08:19:00 -05:00
xmpp avoid unnecessary thread creation 2015-03-05 15:46:33 +01:00
Config.java disable all really weak cipher suites 2015-03-07 15:48:29 +01:00