linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1308290] Re: Require TLS 1.2 connections for ADCS

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: cologic <1308290@xxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Apr 2014 01:36:32 -0000
Reply-to: Bug 1308290 <1308290@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

What would that accomplish? Downgrade attacks are bad and the point is
to enable this unconditionally. Part of the calculation of the timing of
this patch is that it's early enough in the cycle (I waited until just
after 0.842 became stable) that if this approach proves too aggressive,
it can be adjusted.

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1308290

Title:
  Require TLS 1.2 connections for ADCS

Status in DC++:
  New

Bug description:
  The same patch attached can be found at
  http://pastie.org/pastes/8760328 from two months ago. It's the
  resolution to https://dcpp.wordpress.com/2013/09/20/beast-crime-
  breach-and-lucky-13-assessing-tls-in-adcs/

  This is meant as a trial patch: easy to add, and if it causes
  irresolvable problems, easy to remove without affecting much else.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1308290/+subscriptions

References

[Bug 1308290] [NEW] Require TLS 1.2 connections for ADCS
From: cologic, 2014-04-16