Ingo is currently unable to access e-mail so he has asked me to resend these on his account:
-------- Original Message --------
Subject: RE: [jitsi-dev] SSL Security Concern
Date: Fri, 4 Oct 2013 14:53:19 +0000
From: Ingo Bauersachs
I'm writing some E-Mails to you, can you forward this to the list without my details?
You can specify the truststore that Java should use in the .properties. I don't know the exact property names out of my head, but they are defined in the CertificateService (Truststore file, Truststore type and Truststore password).
With that, you could deploy your own truststore file either on a network share or somewhere locally on the corporate desktop (say, on %ProgramData%\Jitsi).
An option to disable a certificate mismatch override should be fairly simple to implement: a new property that just disables/hides the "continue anyway" button.
Kind regards
Maklerzentrum Schweiz AG
MSc FHNW in Computer Sciences
IT, System Integration
If you have received this message in error, we ask that you contact the sender and delete this message, including all attachments, from your system.
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of skyper
Sent: Saturday, 21 September 2013 20:30
Subject: [jitsi-dev] SSL Security Concern
I could not get an answer on the user mailing list. I'm concerned that jitsi implemented a lax SSL security policy which makes it prone to SSL ManInTheMiddle attacks too easily.
1. How can I configure jitsi to use one (and just one; exclusive) root
certificate and ignore all other system-wide root certs without having to
recompile the source? (and cross platform of course)
2. How can I configure jitsi to fail connecting to the jabber server if the
SSL trust can not be established? Currently in a man-in-the-middle attack
scenario jitsi shows a pop-up that the cert is not trusted (even though previous connections had a trusted certificate) and allows the
user to manually accept the certificate (doh!).
thanks & regards,
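
An added example, not part of the original thread and not Jitsi's own code: how a Java client can take its trust anchors from a single truststore file, as the reply above describes, so that the system-wide roots are ignored and an untrusted chain ends the connection. The class name and the command-line arguments (truststore path, type, password) are assumptions for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ExclusiveTrustStore {

    // Trust managers backed only by the given file. Passing an explicit
    // KeyStore to init() means the JRE's default cacerts is not consulted.
    static TrustManager[] trustManagersFrom(String path, String type, char[] password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            // An empty store would reject every server; report it early.
            throw new IllegalStateException("no trust anchors in " + path);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // args (assumed): <truststore file> <type, e.g. JKS or PKCS12> <password>
        TrustManager[] tms = trustManagersFrom(args[0], args[1], args[2].toCharArray());
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trust anchor: " + ca.getSubjectX500Principal());
                }
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        // Sockets from ctx.getSocketFactory() throw SSLHandshakeException when the
        // server chain does not lead to one of the anchors above; the caller must
        // treat that as a hard failure and offer no "continue anyway" path.
    }
}
```

Listing the accepted issuers is a quick check that the deployed file contains exactly the one root intended and nothing else.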