Enhancement #301

Allow cipher spec setting

Added by Christopher Head about 7 years ago. Updated almost 3 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 2012-08-11
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: Yes
Branch:
Security: Yes
Help Needed: No

Description

I want to use an RSA certificate because RSA is more widely supported. However, I want to refuse to use straight-RSA key exchange cipherspecs; I want to only ever use RSA+DHE key exchanges because they add perfect forward secrecy. I can't do that because bip doesn't allow me to enter a cipherspec string restricting what types of cipherspecs to use. Basically I want Apache/mod_ssl's <http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite> in bip. This would also allow the administrator to disable other miscellaneous cipherspecs if they prove to be insecure without having to wait for new versions of software to come out.
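An added example, not part of the original report and not bip's code: an audit of what an OpenSSL cipher string of the kind requested here actually enables, using Python's `ssl` module, which accepts the same cipher-string syntax as mod_ssl's SSLCipherSuite. The strings `aRSA` and `kDHE+aRSA` are assumptions chosen for illustration; the suites listed depend on the local OpenSSL build.

```python
import ssl

# Key-exchange labels that Python reports for ephemeral (EC)DH suites.
FS_KEX = {"kx-dhe", "kx-ecdhe"}

def tls12_suites(cipher_string):
    """Return the TLS <= 1.2 suites that an OpenSSL cipher string enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from the cipher string and
    # always use ephemeral key exchange, so they are left out of the audit.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit(cipher_string):
    """Summarise a cipher string: what it enables and what breaks the policy."""
    suites = tls12_suites(cipher_string)
    return {
        "enabled": sorted(c["name"] for c in suites),
        # Suites whose key exchange is not ephemeral (for example static RSA).
        "no_fs": sorted(c["name"] for c in suites if c["kea"] not in FS_KEX),
        # Suites that would not authenticate with an RSA certificate.
        "non_rsa_auth": sorted(
            c["name"] for c in suites if c["auth"] != "auth-rsa"
        ),
    }

if __name__ == "__main__":
    # Assumed strings: every RSA-authenticated suite versus only those
    # that also use ephemeral Diffie-Hellman key exchange.
    for label, spec in (("broad", "aRSA"), ("restricted", "kDHE+aRSA")):
        result = audit(spec)
        print(f"{label}: {spec!r} enables {len(result['enabled'])} suites")
        print("  without forward secrecy:", result["no_fs"] or "none")
        print("  not RSA-authenticated:  ", result["non_rsa_auth"] or "none")
```
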

Associated revisions

Revision 6691f89c (diff)
Added by Pierre-Louis Bonicoli over 3 years ago

Add cipher specifications setting

Allow to configure cipher specifications for the listening bip
connection and for each outgoing IRC connection.

Closes #301

Revision ab8e5eec (diff)
Added by Pierre-Louis Bonicoli almost 3 years ago

Add cipher specifications setting

Allow to configure cipher specifications for the listening bip
connection and for each outgoing IRC connection.

Closes #301

History

#1

Updated by Marian S almost 5 years ago

I'd like to push this and I'd think this is not an enhancement but a bug.
Even though bip maybe isn't vulnerable to the SSL 3.0 vulnerability exposed today (POODLE), something else can come out any day. And, generally, it is a very good idea to be able to blacklist ciphers/protocols that are no longer in use.
Thus I'd say this deserves a high priority and I'd be very happy to see this implemented!

#2

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Status changed from Resolved to In Progress
  • Assignee set to Pierre-Louis Bonicoli
  • Target version set to 0.9.0
  • % Done changed from 100 to 50
  • Patch Available changed from No to Yes
  • Confirmed changed from No to Yes

#4

Updated by Pierre-Louis Bonicoli almost 3 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100
