anotherim

History

Boris Wachtmeister 67f8ed44bd disable all really weak cipher suites With #959 all ciphers of the platform were enabled, but this also includes several suites that are considered as very weak, even down to NULL- and anon-ciphers which disable completely disable encryption and/or authentication. Especially the anon-ciphers could be easily used for a mitm-attack. To remove all weak ciphers a blacklist with patterns of cipher-names was added to Config.java. The blacklist is based on the "mandatory discards" that Mozilla suggests to not use for TLS-servers because they are weak or known to be broken. https://wiki.mozilla.org/Security/Server_Side_TLS#Mandatory_discards	2015-03-07 15:48:29 +01:00
..
eu/siacs/conversations	disable all really weak cipher suites	2015-03-07 15:48:29 +01:00

Boris Wachtmeister 67f8ed44bd disable all really weak cipher suites

With #959 all ciphers of the platform were enabled, but this also
includes several suites that are considered as very weak, even down to
NULL- and anon-ciphers which disable completely disable encryption
and/or authentication. Especially the anon-ciphers could be easily used
for a mitm-attack.

To remove all weak ciphers a blacklist with patterns of cipher-names was
added to Config.java. The blacklist is based on the "mandatory discards"
that Mozilla suggests to not use for TLS-servers because they are weak
or known to be broken.
https://wiki.mozilla.org/Security/Server_Side_TLS#Mandatory_discards

2015-03-07 15:48:29 +01:00

eu/siacs/conversations

disable all really weak cipher suites

2015-03-07 15:48:29 +01:00