ability to configure cipher list

2013-11-03 17:57:12 +01:00 · 2013-11-03 17:57:12 +01:00 · 219405952c
parent 47b00c5c23
commit 219405952c
2 changed files with 4 additions and 1 deletions
--- a/src/common/config.py
+++ b/src/common/config.py
@ -349,6 +349,7 @@ class Config:
                    'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
                    'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
                    'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
+                    'cipher_list': [ opt_str, 'HIGH:!aNULL:!eNULL:RC4-SHA', '' ],
                    'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                    'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
                    'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],
--- a/src/common/connection.py
+++ b/src/common/connection.py
@ -1236,7 +1236,9 @@ class Connection(CommonConnection, ConnectionHandlers):
            if not os.path.exists(cacerts):
                cacerts = ''
            mycerts = common.gajim.MY_CACERTS
-            secure_tuple = (self._current_type, cacerts, mycerts)
+            cipher_list = gajim.config.get_per('accounts', self.name,
+                'cipher_list')
+            secure_tuple = (self._current_type, cacerts, mycerts, cipher_list)

            con = nbxmpp.NonBlockingClient(
                domain=self._hostname,