cipher specification cleanup

https://trac.gajim.org/ticket/7599
2013-12-23 23:26:54 +01:00 · 2013-12-23 23:26:54 +01:00 · 4a360397fe
commit 4a360397fe
parent 5a8d757529
2 changed files with 2 additions and 2 deletions
--- a/src/common/config.py
+++ b/src/common/config.py
@ -349,7 +349,7 @@ class Config:
                    'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
                    'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
                    'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
-                    'cipher_list': [ opt_str, 'HIGH:!aNULL:!eNULL:RC4-SHA', '' ],
+                    'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
                    'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                    'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
                    'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],
--- a/src/common/jingle_xtls.py
+++ b/src/common/jingle_xtls.py
@ -101,7 +101,7 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE)
    ctx.set_options(flags)
-    ctx.set_cipher_list('HIGH:!aNULL:!eNULL')
+    ctx.set_cipher_list('HIGH:!aNULL:!3DES')

    if fingerprint == 'server': # for testing purposes only
        ctx.set_verify(SSL.VERIFY_NONE|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,