From dcf1c33cc1fc0e98e05e434d11d7d12885ee9e7d Mon Sep 17 00:00:00 2001 From: Fedor Brunner Date: Mon, 23 Dec 2013 23:26:54 +0100 Subject: [PATCH] cipher specification cleanup https://trac.gajim.org/ticket/7599 --- src/common/config.py | 2 +- src/common/jingle_xtls.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/config.py b/src/common/config.py index 26a756b8d..2cfa73c35 100644 --- a/src/common/config.py +++ b/src/common/config.py @@ -349,7 +349,7 @@ class Config: 'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')], 'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')], 'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')], - 'cipher_list': [ opt_str, 'HIGH:!aNULL:!eNULL:RC4-SHA', '' ], + 'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ], 'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ], 'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ], 'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ], diff --git a/src/common/jingle_xtls.py b/src/common/jingle_xtls.py index 6f708cc3e..ec0fb957c 100644 --- a/src/common/jingle_xtls.py +++ b/src/common/jingle_xtls.py @@ -95,7 +95,7 @@ def get_context(fingerprint, verify_cb=None): ctx = SSL.Context(SSL.SSLv23_METHOD) flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE) ctx.set_options(flags) - ctx.set_cipher_list('HIGH:!aNULL:!eNULL') + ctx.set_cipher_list('HIGH:!aNULL:!3DES') if fingerprint == 'server': # for testing purposes only ctx.set_verify(SSL.VERIFY_NONE|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,