Remove elliptic curve ciphers from the cipher list as it causes a number of XMPP servers to break. This is the same cipher set that Mac OS X 10.5 used, and the same as 10.6 without the EC ciphers.
authorAndrew Wellington <proton@adium.im>
Tue, 06 Oct 2009 12:49:53 +1100
changeset 260963a2af2e3e41
parent 2608 b688c1962004
child 2610 a86761b6131b
Remove elliptic curve ciphers from the cipher list as it causes a number of XMPP servers to break. This is the same cipher set that Mac OS X 10.5 used, and the same as 10.6 without the EC ciphers.

Reviewed by sholt. Fixes #12913
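--- a/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
+++ b/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
@@ -330,6 +330,49 @@
 		return;
     }
     
+    /*
+     * Disable ciphers that confuse some servers
+     */
+    SSLCipherSuite ciphers[27] = {
+        TLS_RSA_WITH_AES_128_CBC_SHA,
+        SSL_RSA_WITH_RC4_128_SHA,
+        SSL_RSA_WITH_RC4_128_MD5,
+        TLS_RSA_WITH_AES_256_CBC_SHA,
+        SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+        SSL_RSA_WITH_3DES_EDE_CBC_MD5,
+        SSL_RSA_WITH_DES_CBC_SHA,
+        SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+        TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+        SSL_DHE_DSS_WITH_DES_CBC_SHA,
+        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+        TLS_DH_anon_WITH_AES_128_CBC_SHA,
+        TLS_DH_anon_WITH_AES_256_CBC_SHA,
+        SSL_DH_anon_WITH_RC4_128_MD5,
+        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
+        SSL_DH_anon_WITH_DES_CBC_SHA,
+        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
+        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
+        SSL_RSA_WITH_NULL_MD5,
+    };
+    err = (OSStatus)SSLSetEnabledCiphers(cdsa_data->ssl_ctx, ciphers, sizeof(ciphers) / sizeof(SSLCipherSuite));
+    if (err != noErr) {
+        purple_debug_error("cdsa", "SSLSetEnabledCiphers failed\n");
+        if (gsc->error_cb != NULL)
+            gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
+                       gsc->connect_cb_data);
+
+        purple_ssl_close(gsc);
+        return;
+    }
+    
     if(gsc->host) {
         /*
          * Set the peer's domain name so CDSA can check the certificate's CN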
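Review bot: The allow-list handed to `SSLSetEnabledCiphers` explicitly enables suites that provide little or no protection: the `*_DH_anon_*` entries skip server authentication (which makes the certificate CN check set up just below moot for those suites), `SSL_RSA_WITH_NULL_MD5` carries the session unencrypted, and the `*_EXPORT_*` and single-DES entries are limited to 40/56-bit keys. Since the stated goal is only to leave out the EC suites, these entries should be dropped from the array so they can never be negotiated for an XMPP login. Declaring the array as `SSLCipherSuite ciphers[] = {` would keep the computed count in step with the list instead of relying on the hard-coded `27`. The comment would also be more useful if it named what is excluded and why, e.g. `/* Enable only non-EC suites: EC suites break the handshake with some XMPP servers (#12913) */`. The enclosing function starts and ends outside the hunk.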