Enable TLS 1.2 and update cipher suites on Windows
problem
Gajim on Windows connects with TLS 1.0. No ECDHE, SHA2 or GCM cipher suites are included. RC4 and 3DES should be removed.
analysis
Gajim 0.16.3 on Windows sends the following cipher suites:
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Server (Prosody 0.9.8) negotiates with:
Version: TLS 1.0 (0x0301)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
enhancement recommendation
Enable TLS 1.2 and add newer cipher suites.
Prosody's cipher list (1).
Pidgin has recently reworked their list and they used Firefox as their base reference (2).
1: https://prosody.im/doc/advanced_ssl_config#ciphers
2: https://developer.pidgin.im/ticket/16262
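
An added example, not part of the original ticket or of Gajim's code: a small Python audit of the ClientHello cipher suite list quoted in the analysis above, checking it against the properties this ticket asks for (ECDHE, SHA2, GCM, no RC4 or 3DES). The function names and the property classification by suite name are assumptions made for this illustration.

```python
import re

# Wireshark-style ClientHello lines copied from the analysis in this ticket.
CLIENT_HELLO = """
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
"""

SUITE_RE = re.compile(r"Cipher Suite:\s+(TLS_\w+)\s+\((0x[0-9a-fA-F]{4})\)")

def parse_suites(text):
    """Return [(name, code)] in offer order; also works on a single flattened line."""
    return [(m.group(1), int(m.group(2), 16)) for m in SUITE_RE.finditer(text)]

def describe(name):
    """Split TLS_<kx>_WITH_<cipher>_<mac> into the properties the ticket cares about."""
    kx, _, rest = name[len("TLS_"):].partition("_WITH_")
    return {
        "forward_secret": kx.startswith(("DHE_", "ECDHE_")),
        "ecdhe": kx.startswith("ECDHE_"),
        "aead": "_GCM_" in rest or "CHACHA20" in rest,
        "sha2": rest.endswith(("_SHA256", "_SHA384")),
        "legacy_cipher": "RC4" in rest or "3DES" in rest,
    }

def audit(text):
    """Summarise what the offered list contains and what it is missing."""
    props = {name: describe(name) for name, _ in parse_suites(text)}
    return {
        "offered": len(props),
        "has_ecdhe": any(p["ecdhe"] for p in props.values()),
        "has_aead": any(p["aead"] for p in props.values()),
        "has_sha2": any(p["sha2"] for p in props.values()),
        "legacy": [n for n, p in props.items() if p["legacy_cipher"]],
        "no_forward_secrecy": [n for n, p in props.items() if not p["forward_secret"]],
    }

if __name__ == "__main__":
    for key, value in audit(CLIENT_HELLO).items():
        print(f"{key}: {value}")
```

Running the same audit on a capture taken after a fix shows whether ECDHE and GCM suites are now offered and whether the RC4 and 3DES entries are gone.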