Where can I find more information about the crypto changes?

An instant messenger which can connect to AIM, GTalk, Jabber, ICQ, and more.
williaty
Harmless
Posts: 6
Joined: Sun May 15, 2011 8:12 pm

Where can I find more information about the crypto changes?

Postby williaty » Mon Oct 14, 2013 4:54 pm

The version history says that 1.5.8 brings "Enabled a large number of TLS cipher suites, including ECC suites and suites new in TLS 1.2.". Given all the upheaval going on with crypto right now, I'd like to have more specific information about the crypto changes in Adium but I can't find any documentation about it. Can anyone point me in the right direction?

sphynx
Latté
Posts: 75
Joined: Sun May 06, 2007 4:58 pm

Re: Where can I find more information about the crypto chang

Postby sphynx » Tue Oct 15, 2013 7:16 pm

Due to some broken XMPP servers 4 years ago, the elliptic curve cipher suites were disabled in Adium: #12913. I personally think this was a bad decision and something that should at least have been optional and/or temporary. But that code was never touched again until 1.5.7, meaning Adium kept supporting only the ciphers supported by Mac OS X 10.5. 1.5.7 removed the absolutely horrible ciphers from that list (the unauthenticated and unencrypted ciphers). In 1.5.8 the list of ciphers was changed to the list supported by Chromium, together with the ciphers that are new in TLS 1.2. You can see the list here: https://hg.adium.im/adium/file/e0467f50 ... dsa.c#l315. Keep in mind that not all of those ciphers are actually implemented in 10.8 and even less in 10.7.

If you want some more background on this, you should read this entry from my blog: https://blog.thijsalkema.de/blog/2013/0 ... on-xmpp-3/.

Does that answer your question, or would you like to know more?

williaty
Harmless
Posts: 6
Joined: Sun May 15, 2011 8:12 pm

Re: Where can I find more information about the crypto chang

Postby williaty » Tue Oct 15, 2013 10:47 pm

Nope, that's enough to satisfy my curiosity. Thanks for responding quickly!

williaty
Harmless
Posts: 6
Joined: Sun May 15, 2011 8:12 pm

Re: Where can I find more information about the crypto chang

Postby williaty » Wed Oct 16, 2013 5:22 am

Actually, I do have a followup question. Were all the crypto changes in 1.5.8 confined to stuff relating to SSL/TLS for securing the connection between the client and the server, or were there also crypto changes that affected OTR?

sphynx
Latté
Posts: 75
Joined: Sun May 06, 2007 4:58 pm

Re: Where can I find more information about the crypto chang

Postby sphynx » Wed Oct 16, 2013 7:49 am

There were no changes to OTR in 1.5.8.


Return to “Adium”

Who is online

Users browsing this forum: No registered users