Updated changelog with the SSL weaknesses. adium-1.5.8
author Thijs Alkemade <me@thijsalkema.de>
Wed, 03 Jul 2013 11:11:16 +0200
branch adium-1.5.8
changeset 5611 0c59ebc1bed5
parent 5610 47cb4e7d58e1
child 5612 8af6a0aacb48
Updated changelog with the SSL weaknesses.
ChangeLogs/Changes.txt
--- a/ChangeLogs/Changes.txt	Tue Jul 02 21:57:07 2013 +0200
+++ b/ChangeLogs/Changes.txt	Wed Jul 03 11:11:16 2013 +0200
@@ -8,7 +8,10 @@
  * Removed StatusNet support, see http://adium.im/blog/2013/07/adium-1-5-7-released.
  * Fixed a crash when redrawing the contact list. (#16119)
  * Fixed a bug that could cause SSL connections to be closed prematurely. (#15405, #15411, #15741, #16356)
- * Fixed a number of weaknesses in the SSL code.
+ * Fixed the following weaknesses in the SSL code:
+   * Removed all anonymous ciphers from the list Adium tries, these are insecure and would crash Adium.
+   * Removed SSL_RSA_WITH_NULL_MD5 from the list of cipers, as it doesn't use encryption.
+   * Removed the caching of untrusted self-signed certificates, as the implementation would make it easy to replace it with a different certificate when reconnecting.e
 
 Version 1.5.6 (3/18/2013)
  * Fixed a crash on startup on 10.6.8.
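Review bot: the added sub-entries carry two typos that would ship in the user-facing changelog: "cipers" in the SSL_RSA_WITH_NULL_MD5 line should be "ciphers", and the self-signed certificate line ends with a stray "e" after "reconnecting.". The anonymous-ciphers line also has a comma splice ("the list Adium tries, these are insecure"); a semicolon or a second sentence would read better. In the last entry, "replace it with a different certificate" has no clear referent for "it" (the antecedent is the plural "certificates"); "replace the cached certificate" would state the risk more plainly.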