adium 5611:0c59ebc1bed5: Updated changelog with the SSL weaknesses.
commits at adium.im
commits at adium.im
Wed Jul 3 09:12:05 UTC 2013
details: http://hg.adium.im/adium/rev/0c59ebc1bed5
revision: 5611:0c59ebc1bed5
branch: adium-1.5.8
author: Thijs Alkemade <me at thijsalkema.de>
date: Wed Jul 03 11:11:16 2013 +0200
Updated changelog with the SSL weaknesses.
diffs (15 lines):
diff -r 47cb4e7d58e1 -r 0c59ebc1bed5 ChangeLogs/Changes.txt
--- a/ChangeLogs/Changes.txt Tue Jul 02 21:57:07 2013 +0200
+++ b/ChangeLogs/Changes.txt Wed Jul 03 11:11:16 2013 +0200
@@ -8,7 +8,10 @@
* Removed StatusNet support, see http://adium.im/blog/2013/07/adium-1-5-7-released.
* Fixed a crash when redrawing the contact list. (#16119)
* Fixed a bug that could cause SSL connections to be closed prematurely. (#15405, #15411, #15741, #16356)
- * Fixed a number of weaknesses in the SSL code.
+ * Fixed the following weaknesses in the SSL code:
+ * Removed all anonymous ciphers from the list Adium tries, these are insecure and would crash Adium.
+ * Removed SSL_RSA_WITH_NULL_MD5 from the list of cipers, as it doesn't use encryption.
+ * Removed the caching of untrusted self-signed certificates, as the implementation would make it easy to replace it with a different certificate when reconnecting.e
Version 1.5.6 (3/18/2013)
* Fixed a crash on startup on 10.6.8.
More information about the commits
mailing list