FIX(client,ui): PFS information being incorrect #5566

Merged


Krzmbrzl (Member) commented Feb 12, 2022

The information about perfect forward secrecy (PFS) displayed within
the server information dialog (TCP tab) was missing for newer ciphers.
The reason was that we are using a hard-coded list of cipher
information and the new ones (TLS 1.3) are not part of that.

However, in the meantime Qt has implemented indirect support for
checking whether PFS is used, so we change the implementation to make
use of that instead.

Fixes #5469

Additionally, the hard-coded cipher info list has been removed in a second commit.
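
The failure mode described above, as an added example (not code from this pull request or from Mumble): a cipher table frozen before TLS 1.3 has no answer for newer suites, while a property of the negotiated session does. The `Session` type, the table entries and the sample sessions are constructed, and reading the signal from Qt's `QSslConfiguration::ephemeralServerKey()` is an assumption, since the description does not name the Qt call.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed model of a negotiated TLS session (hypothetical type, not Qt's or Mumble's).
struct Session {
    std::string protocol;       // e.g. "TLSv1.2"
    std::string cipherName;     // suite name as reported by the TLS stack
    bool hasEphemeralServerKey; // did the handshake use an ephemeral (EC)DHE server key?
};

enum class Pfs { Yes, No, Unknown };

// Approach 1: static table keyed by cipher name. The entries are constructed
// samples standing in for a list last updated before TLS 1.3 suites existed.
Pfs pfsFromStaticTable(const Session &s) {
    static const std::map<std::string, bool> table = {
        {"ECDHE-RSA-AES256-GCM-SHA384", true},
        {"DHE-RSA-AES128-GCM-SHA256", true},
        {"AES256-GCM-SHA384", false}, // static RSA key transport
    };
    std::map<std::string, bool>::const_iterator it = table.find(s.cipherName);
    if (it == table.end()) return Pfs::Unknown;
    return it->second ? Pfs::Yes : Pfs::No;
}

// Approach 2: ask the session itself. Assumption: the TLS library exposes the
// ephemeral server key (in Qt, a non-null QSslConfiguration::ephemeralServerKey()).
Pfs pfsFromSession(const Session &s) {
    return s.hasEphemeralServerKey ? Pfs::Yes : Pfs::No;
}

// Regression check: cipher names for which the table gives no answer or
// contradicts what the handshake actually did.
std::vector<std::string> tableMismatches(const std::vector<Session> &seen) {
    std::vector<std::string> out;
    for (std::size_t i = 0; i < seen.size(); ++i)
        if (pfsFromStaticTable(seen[i]) != pfsFromSession(seen[i])) out.push_back(seen[i].cipherName);
    return out;
}

// Constructed sample sessions: two TLS 1.2 suites the table knows, one TLS 1.3 suite it does not.
std::vector<Session> sampleSessions() {
    return {{"TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384", true},
            {"TLSv1.2", "AES256-GCM-SHA384", false},
            {"TLSv1.3", "TLS_AES_256_GCM_SHA384", true}};
}

int main() { return tableMismatches(sampleSessions()).size() == 1 ? 0 : 1; }
```

Running `tableMismatches` over sessions observed in testing flags every suite the table can no longer classify, which is the symptom reported for the TLS 1.3 ciphers.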


Krzmbrzl added the client, backport-needed and bug (A bug (error) in the software) labels Feb 12, 2022
Krzmbrzl force-pushed the feat-dont-rely-on-hardcoded-cipher-list branch from 8194e32 to ea6b31a (February 12, 2022 19:41)

davidebeatrici (Member) commented:

CHANGE(client): Don't use hard-coded cipher infos

infos -> info

PR #1825 introduced a hard-coded list of cipher information in order to
be able to display extend information about the encryption details of a
connection.

extend -> extended

The information about perfect forward secrecy (PFS) displayed within
the server information dialog (TCP tab) was missing for newer ciphers.
The reason was that we are using a hard-coded list of cipher
information and the new ones (TLS 1.3) are not part of that.

However, in the meantime Qt has implemented indirect support for
checking whether PFS is used, so we change the implementation to make
use of that instead.

Fixes mumble-voip#5469

PR mumble-voip#1825 introduced a hard-coded list of cipher information in order to
be able to display extended information about the encryption details of
a connection. Keeping this information up-to-date had to be done by
means of a dedicated Python script.

The problem with this approach is that
a) hard-coding something like this is never a good idea
b) the updating has been forgotten in the last several years, leading to
outdated information
c) the update script is currently not working anymore

Additionally, the current code only used the extended information to
query the perfect forward secrecy support anyway and that has been
implemented in a different way in
de7b02f.

The only other thing we used the extended info for was to obtain the
RFC name of ciphers, but since the list was outdated anyway, we nowadays
probably used the fallback (using the name provided by Qt) more often
than not.

Therefore the hard-coded information has been removed and we now simply
always stick to the cipher name as reported by Qt. If someone
desperately requires the RFC names, they'll have to take it up with Qt
to expose this name in their API as curating a hard-coded list in our
code base is not a viable option.

Krzmbrzl force-pushed the feat-dont-rely-on-hardcoded-cipher-list branch from ea6b31a to 0f6ff0b (February 14, 2022 07:10)
Krzmbrzl merged commit ef79268 into mumble-voip:master Feb 14, 2022

Krzmbrzl (Member, Author) commented May 8, 2022

💚 All backports created successfully

Status Branch Result
1.4.x

Questions ?

Please refer to the Backport tool documentation

Krzmbrzl added a commit that referenced this pull request May 8, 2022
Successfully merging this pull request may close these issues.

Forward secrecy information missing