adium 5687:6c2293048ca9: Disable SSLv2 even for bad servers. Add...

[commits at adium.im]

details:	http://hg.adium.im/adium/rev/6c2293048ca9
revision:	5687:6c2293048ca9
branch:		adium-1.5.8
author:		Thijs Alkemade <me at thijsalkema.de>
date:		Tue Sep 03 10:23:40 2013 +0200

Disable SSLv2 even for bad servers. Added a number of TLS 1.2 suites to the whitelist (not all of those are supported by Apple yet).

diffs (44 lines):

diff -r 0ed647dd6a9f -r 6c2293048ca9 Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
--- a/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	Mon Aug 19 21:11:24 2013 +0200
+++ b/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	Tue Sep 03 10:23:40 2013 +0200
@@ -347,6 +347,32 @@
 		case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
 		case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
 		case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+		case TLS_RSA_WITH_AES_128_GCM_SHA256:
+		case TLS_RSA_WITH_AES_256_GCM_SHA384:
+		case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+		case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+		case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
+		case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+		case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+		case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+		case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+		case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+		case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+		case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+		case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+		case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+		case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+		case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+		case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+		case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+		case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+		case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+		case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+		case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+		case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+		case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+		case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+		case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
 			return TRUE;
 			
 		default:
@@ -474,7 +500,6 @@
             return;
         }
         
-        protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kSSLProtocol2, true);
         protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kSSLProtocol3, true);
         protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kTLSProtocol1, true);
     }