From 4a360397fefd400ad40d75b25bf70e93631c60ae Mon Sep 17 00:00:00 2001
From: Fedor Brunner <fedor.brunner@azet.sk>
Date: Mon, 23 Dec 2013 23:26:54 +0100
Subject: [PATCH] cipher specification cleanup
https://trac.gajim.org/ticket/7599
---
src/common/config.py | 2 +-
src/common/jingle_xtls.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/config.py b/src/common/config.py
index 7192e9f4e8..60e4d7a946 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -349,7 +349,7 @@ class Config:
'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
- 'cipher_list': [ opt_str, 'HIGH:!aNULL:!eNULL:RC4-SHA', '' ],
+ 'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],
diff --git a/src/common/jingle_xtls.py b/src/common/jingle_xtls.py
index e8763a0824..164805fbd3 100644
--- a/src/common/jingle_xtls.py
+++ b/src/common/jingle_xtls.py
@@ -101,7 +101,7 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
ctx = SSL.Context(SSL.SSLv23_METHOD)
flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE)
ctx.set_options(flags)
- ctx.set_cipher_list('HIGH:!aNULL:!eNULL')
+ ctx.set_cipher_list('HIGH:!aNULL:!3DES')
if fingerprint == 'server': # for testing purposes only
ctx.set_verify(SSL.VERIFY_NONE|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
--
GitLab