[jitsi-dev] [libsrc-commits] master: Backports TLSUtils for smack [...]


#1

From: commits-bounces@jitsi.org [mailto:commits-bounces@jitsi.org] On

Behalf

Of damencho@jitsi.org
Sent: Montag, 20. Oktober 2014 21:13
To: commits@jitsi.org
Subject: [libsrc-commits] master: Backports TLSUtils for smack and enables
tls only mode for xmpp connections. Disables SSLv... and fixes connecting

to

Facebook. (6c510f7)

Repository : ssh://lists.jitsi.org/libsrc

On branch : master
Link :

https://github.com/jitsi/libsrc/compare/759af3cb49de438997aabdc07911c0f20c3b
8

fcb...6c510f74ac381731b263ca46ed314f7d31a3c66f

>---------------------------------------------------------------

commit 6c510f74ac381731b263ca46ed314f7d31a3c66f
Author: Damian Minkov <damencho@jitsi.org>
Date: Mon Oct 20 17:07:09 2014 +0300

    Backports TLSUtils for smack and enables tls only mode for xmpp
connections. Disables SSLv... and fixes connecting to Facebook.

Instead of playing around with Smack and solving this as a Facebook problem,
I think this would better be handled by setting the protocol/cipher options
globally in the CertificateService (and maybe provide a configuration option
later on in the TLS config GUI). E.g. set the system property
https.protocols=TLSv1.2,TLSv1.1,TLSv1

(I'd do it myself, but I still won't have access to my complete dev-env for
another three weeks.)

Ingo

···

-----Original Message-----


#2

Hi Ingo,

but if we change this globally in CertificateService this will affect
all ssl sockets, isn't the SSLv... needed for https locations like
provisioning, https updates locations ... or I'm wrong?

Regards
damencho

···

On Mon, Oct 20, 2014 at 7:06 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

-----Original Message-----
From: commits-bounces@jitsi.org [mailto:commits-bounces@jitsi.org] On

Behalf

Of damencho@jitsi.org
Sent: Montag, 20. Oktober 2014 21:13
To: commits@jitsi.org
Subject: [libsrc-commits] master: Backports TLSUtils for smack and enables
tls only mode for xmpp connections. Disables SSLv... and fixes connecting

to

Facebook. (6c510f7)

Repository : ssh://lists.jitsi.org/libsrc

On branch : master
Link :

https://github.com/jitsi/libsrc/compare/759af3cb49de438997aabdc07911c0f20c3b
8

fcb...6c510f74ac381731b263ca46ed314f7d31a3c66f

>---------------------------------------------------------------

commit 6c510f74ac381731b263ca46ed314f7d31a3c66f
Author: Damian Minkov <damencho@jitsi.org>
Date: Mon Oct 20 17:07:09 2014 +0300

    Backports TLSUtils for smack and enables tls only mode for xmpp
connections. Disables SSLv... and fixes connecting to Facebook.

Instead of playing around with Smack and solving this as a Facebook problem,
I think this would better be handled by setting the protocol/cipher options
globally in the CertificateService (and maybe provide a configuration option
later on in the TLS config GUI). E.g. set the system property
https.protocols=TLSv1.2,TLSv1.1,TLSv1

(I'd do it myself, but I still won't have access to my complete dev-env for
another three weeks.)

Ingo

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev