FIX(client,ui): PFS information being incorrect #5566
Merged: Krzmbrzl merged 3 commits into mumble-voip:master from Krzmbrzl:feat-dont-rely-on-hardcoded-cipher-list on Feb 14, 2022
Krzmbrzl force-pushed the feat-dont-rely-on-hardcoded-cipher-list branch from 8194e32 to ea6b31a (February 12, 2022 19:41)

davidebeatrici approved these changes (Feb 12, 2022)
The information about perfect forward secrecy (PFS) displayed within the server information dialog (TCP tab) was missing for newer ciphers. The reason was that we are using a hard-coded list of cipher information and the new ones (TLS 1.3) are not part of that. However, in the meantime Qt has implemented indirect support for checking whether PFS is used, so we change the implementation to make use of that instead.

Fixes mumble-voip#5469
PR mumble-voip#1825 introduced a hard-coded list of cipher information in order to be able to display extended information about the encryption details of a connection. Keeping this information up-to-date had to be done by means of a dedicated Python script.

The problem with this approach is that
a) hard-coding something like this is never a good idea
b) the updating has been forgotten in the last several years, leading to outdated information
c) the update script is currently not working anymore

Additionally, the current code only used the extended information to query the perfect forward secrecy support anyway and that has been implemented in a different way in de7b02f. The only other thing we used the extended info for was to obtain the RFC name of ciphers, but since the list was outdated anyway, we nowadays probably used the fallback (using the name provided by Qt) more often than not.

Therefore the hard-coded information has been removed and we now simply always stick to the cipher name as reported by Qt. If someone desperately requires the RFC names, they'll have to take it up with Qt to expose this name in their API as curating a hard-coded list in our code base is not a viable option.
Krzmbrzl force-pushed the feat-dont-rely-on-hardcoded-cipher-list branch from ea6b31a to 0f6ff0b (February 14, 2022 07:10)
💚 All backports created successfully
The information about perfect forward secrecy (PFS) displayed within
the server information dialog (TCP tab) was missing for newer ciphers.
The reason was that we are using a hard-coded list of cipher
information and the new ones (TLS 1.3) are not part of that.
However, in the meantime Qt has implemented indirect support for
checking whether PFS is used, so we change the implementation to make
use of that instead.
Fixes #5469
Additionally the hard-coded cipher info list has been removed in a second commit.
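
An added illustration, not Mumble's or Qt's code and not the mechanism this PR uses: forward secrecy derived from the protocol version and the `Kx=` field of an OpenSSL-style cipher description, so no per-cipher table is needed and TLS 1.3 suites are not missed. The `classify` function, the `Pfs` enum and the sample lines are constructed for this example; anything the rule does not recognise is reported as unknown rather than guessed.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Result of classifying one cipher suite (hypothetical type for this example).
enum class Pfs { Yes, No, Unknown };

// Classify one line in `openssl ciphers -v` format, e.g.
// "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD".
Pfs classify(const std::string &description) {
    std::istringstream in(description);
    std::string name, protocol, field, kx;
    in >> name >> protocol;
    while (in >> field) {
        if (field.rfind("Kx=", 0) == 0) kx = field.substr(3);
    }
    if (name.empty() || protocol.empty() || kx.empty()) return Pfs::Unknown;
    // TLS 1.3 suites do not name a key exchange (Kx=any); a full,
    // certificate-based handshake always uses ephemeral (EC)DHE.
    // Caveat: PSK-only resumption is not covered by this rule.
    if (protocol == "TLSv1.3") return Pfs::Yes;
    // Older OpenSSL printed static (EC)DH as "ECDH/RSA", "DH/DSS", ...
    if (kx.find('/') != std::string::npos) return Pfs::No;
    if (kx == "ECDH" || kx == "DH" || kx == "ECDHEPSK" || kx == "DHEPSK") return Pfs::Yes;
    if (kx == "RSA" || kx == "PSK" || kx == "RSAPSK") return Pfs::No;
    return Pfs::Unknown;  // e.g. SRP, GOST: do not claim PFS without knowing
}

int main() {
    // Constructed sample lines, not captured from a real server.
    const char *samples[] = {
        "TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD",
        "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
        "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1",
        "ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1",
        "SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1",
    };
    for (const char *s : samples) {
        const Pfs r = classify(s);
        std::cout << (r == Pfs::Yes ? "PFS      " : r == Pfs::No ? "no PFS   " : "unknown  ")
                  << s << "\n";
    }
    return 0;
}
```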