mirror of
https://github.com/moparisthebest/Conversations
synced 2024-11-11 19:55:03 -05:00
67f8ed44bd
With #959 all ciphers of the platform were enabled, but this also includes several suites that are considered as very weak, even down to NULL- and anon-ciphers which disable completely disable encryption and/or authentication. Especially the anon-ciphers could be easily used for a mitm-attack. To remove all weak ciphers a blacklist with patterns of cipher-names was added to Config.java. The blacklist is based on the "mandatory discards" that Mozilla suggests to not use for TLS-servers because they are weak or known to be broken. https://wiki.mozilla.org/Security/Server_Side_TLS#Mandatory_discards |
||
---|---|---|
.. | ||
crypto | ||
entities | ||
generator | ||
http | ||
parser | ||
persistance | ||
services | ||
ui | ||
utils | ||
xml | ||
xmpp | ||
Config.java |