XSF logo XSF Discussion - 2018-03-23


  1. Dave Cridland has left
  2. waqas has joined
  3. Holger has left
  4. SamWhited has left
  5. mrdoctorwho has left
  6. Guus has left
  7. jere has left
  8. ralphm has left
  9. ludo has joined
  10. lskdjf has joined
  11. la|r|ma has left
  12. jere has joined
  13. Syndace has left
  14. Syndace has joined
  15. Zash has left
  16. waqas has left
  17. Guus has left
  18. ludo has left
  19. ludo has joined
  20. ralphm has left
  21. ludo has left
  22. jjrh has left
  23. ludo has joined
  24. ralphm has left
  25. ralphm has left
  26. daniel has left
  27. ralphm has left
  28. Guus has left
  29. ludo has left
  30. Zash has joined
  31. moparisthebest has joined
  32. ralphm has left
  33. alexis has left
  34. ludo has joined
  35. moparisthebest has left
  36. Guus has left
  37. ralphm has left
  38. lumi has joined
  39. Guus has left
  40. ralphm has left
  41. ralphm has left
  42. Guus has left
  43. jere has joined
  44. lskdjf has left
  45. Guus has left
  46. ludo has left
  47. Guus has left
  48. Guus has left
  49. vanitasvitae has joined
  50. vanitasvitae has joined
  51. ludo has joined
  52. alexis has left
  53. alexis has left
  54. rion has joined
  55. Guus has left
  56. Guus has left
  57. ralphm has left
  58. ludo has left
  59. jere has joined
  60. ludo has joined
  61. rion has left
  62. rion has joined
  63. Guus has left
  64. Yagiza has joined
  65. rion has left
  66. alexis has left
  67. ludo has left
  68. alexis has joined
  69. alexis has joined
  70. ludo has joined
  71. jere has joined
  72. efrit has left
  73. ludo has left
  74. rion has left
  75. lskdjf has joined
  76. Guus has left
  77. ta has joined
  78. efrit has joined
  79. Guus has left
  80. alexis has joined
  81. waqas has joined
  82. ludo has joined
  83. ralphm has left
  84. la|r|ma has joined
  85. alexis has left
  86. alexis has joined
  87. ludo has left
  88. SamWhited has left
  89. rion has left
  90. la|r|ma has joined
  91. lskdjf has joined
  92. alexis has left
  93. alexis has joined
  94. ludo has joined
  95. alexis has left
  96. alexis has joined
  97. alexis has left
  98. alexis has joined
  99. ludo has left
  100. alexis has left
  101. alexis has joined
  102. ralphm has left
  103. alexis has joined
  104. daniel has left
  105. alexis has left
  106. alexis has joined
  107. ralphm has left
  108. alexis has left
  109. alexis has joined
  110. alexis has left
  111. alexis has joined
  112. moparisthebest has joined
  113. alexis has joined
  114. ralphm has left
  115. alexis has joined
  116. LNJ has joined
  117. Dave Cridland has left
  118. ralphm has left
  119. ludo has joined
  120. ludo has left
  121. goffi has joined
  122. sezuan has left
  123. sezuan has joined
  124. waqas has left
  125. LNJ has left
  126. j.r has left
  127. j.r has joined
  128. LNJ has joined
  129. Steve Kille has left
  130. ralphm has left
  131. rion has joined
  132. j.r has joined
  133. j.r has joined
  134. j.r has left
  135. j.r has joined
  136. j.r has left
  137. ludo has joined
  138. j.r has joined
  139. ralphm has left
  140. ralphm has left
  141. blabla has joined
  142. Lance has joined
  143. Lance has left
  144. ralphm has left
  145. ludo has left
  146. j.r has joined
  147. j.r has joined
  148. alexis has left
  149. alexis has joined
  150. ralphm has left
  151. ludo has joined
  152. Valerian has joined
  153. ludo has left
  154. ta has left
  155. @Alacer has left
  156. rion has left
  157. j.r has joined
  158. ralphm has left
  159. ralphm has joined
  160. intosi has joined
  161. ta has joined
  162. ludo has joined
  163. Guus has left
  164. marmistrz has joined
  165. marmistrz has left
  166. marmistrz has left
  167. ludo has left
  168. ludo has joined
  169. Guus has left
  170. ludo has left
  171. tim@boese-ban.de has joined
  172. vanitasvitae has joined
  173. marmistrz has joined
  174. Valerian has left
  175. McKael has joined
  176. ralphm has left
  177. winfried has joined
  178. efrit has left
  179. Ge0rG Sigh. How one should not design XMPP clients: https://github.com/KaidanIM/Kaidan/issues/220
  180. marmistrz has joined
  181. Kev Swift autoaccepts requests too, but only for bidirectional
  182. Kev (If you send a subscription request to someone, it'll approve the one they send back)
  183. jonasw that makes sense
  184. blabla has left
  185. daniel > (If you send a subscription request to someone, it'll approve the one they send back) Conversations does that too.
  186. daniel Even though that's actually what pre-approval is for
  187. Ge0rG it makes sense in a world where subscription shouldn't consist of directed graphs
  188. daniel Or pre Auth
  189. Ge0rG except pre-approval is not guaranteed
  190. daniel What ever that was called
  191. Ge0rG yaxim will do both
  192. Guus has left
  193. Kev But Swift doesn't talk about subscription requests, it just talks about Add Contact.
  194. daniel Did ejabberd start announcing that stream feature?
  195. daniel Because at some point it had support but didn't announce the feature which doesn't make sense this the RFC tells clients to only use it if the feature is announced
  196. Ge0rG I wonder how many of my Swift issues got fixed for 4.0.
  197. Ge0rG daniel: I'm using it anyway.
  198. Ge0rG is a lazy and ignorant client dev
  199. jonasw Ge0rG, you do know that prosody doesn’t support it?
  200. Ge0rG jonasw: I know.
  201. ludo has joined
  202. Ge0rG jonasw: but what's the worst thing that can happen if I send a pre-approval to a non-supporting server?
  203. jonasw <malformed-request/> stream error.
  204. daniel Stream error
  205. daniel 😂
  206. jonasw ah, <invalid-xml/>
  207. Ge0rG but it is valid xml. It just comes at the wrong time
  208. jonasw Ge0rG, invalid XML is for things which do not pass schema validation
  209. Ge0rG she-what? :P
  210. jonasw granted, I’d argue that such a server would be pretty weirdly designed to be gin with
  211. jonasw granted, I’d argue that such a server would be pretty weirdly designed to begin with
  212. Ge0rG jonasw: auto-generated by the schema-to-code thing we talked about yesternight.
  213. Ge0rG &
  214. jonasw fg
  215. ludo has left
  216. LNJ has left
  217. LNJ has joined
  218. Ge0rG Bad memory access (SIGBUS)
  219. Andrew Nenakhov has left
  220. Andrew Nenakhov has joined
  221. LNJ has left
  222. LNJ has joined
  223. Andrew Nenakhov has left
  224. Andrew Nenakhov has joined
  225. SaltyBones has left
  226. ta has joined
  227. nyco has left
  228. Valerian has joined
  229. winfried has left
  230. Steve Kille has left
  231. Andrew Nenakhov has left
  232. ludo has joined
  233. Andrew Nenakhov has joined
  234. Andrew Nenakhov has left
  235. Andrew Nenakhov has joined
  236. Andrew Nenakhov has left
  237. Andrew Nenakhov has joined
  238. Steve Kille has left
  239. alexis has left
  240. marmistrz has left
  241. ludo has left
  242. Steve Kille has joined
  243. jubalh has joined
  244. jubalh has left
  245. ralphm has left
  246. marmistrz has left
  247. ludo has joined
  248. winfried has left
  249. Steve Kille has left
  250. ludo has left
  251. ralphm has joined
  252. Guus has left
  253. alexis has joined
  254. ThibG has left
  255. valo has joined
  256. intosi has left
  257. intosi has joined
  258. LNJ has left
  259. alexis has left
  260. Zash has left
  261. alexis has joined
  262. Zash has joined
  263. Zash has left
  264. Dave Cridland has left
  265. Zash has joined
  266. ludo has joined
  267. alexis has left
  268. Dave Cridland has left
  269. alexis has joined
  270. LNJ has joined
  271. Dave Cridland has left
  272. Dave Cridland has left
  273. Dave Cridland has left
  274. alexis has left
  275. daniel has left
  276. Dave Cridland has left
  277. alexis has joined
  278. ludo has left
  279. rion has joined
  280. alexis has left
  281. jubalh has joined
  282. jubalh has left
  283. Alex has joined
  284. jubalh has joined
  285. jubalh has left
  286. Kev has left
  287. vanitasvitae has left
  288. Kev has joined
  289. jubalh has joined
  290. jubalh has left
  291. daniel has left
  292. LNJ has left
  293. alexis has joined
  294. alexis has left
  295. alexis has joined
  296. Dave Cridland has left
  297. alexis has left
  298. alexis has joined
  299. winfried has left
  300. Valerian has left
  301. jubalh has joined
  302. Dave Cridland has left
  303. Dave Cridland has left
  304. Yagiza has left
  305. Dave Cridland has left
  306. ludo has joined
  307. Yagiza has joined
  308. mr-L has joined
  309. marmistrz has left
  310. mr-L has left
  311. alexis has left
  312. alexis has joined
  313. Dave Cridland has left
  314. ludo has left
  315. Valerian has joined
  316. daniel has left
  317. Dave Cridland has left
  318. alexis has left
  319. alexis has joined
  320. Dave Cridland has left
  321. ta has left
  322. Dave Cridland has left
  323. vanitasvitae has left
  324. ludo has joined
  325. Dave Cridland has left
  326. marmistrz has joined
  327. marmistrz has joined
  328. Dave Cridland has left
  329. Holger has left
  330. Dave Cridland has left
  331. ludo has left
  332. jubalh has left
  333. la|r|ma has joined
  334. Syndace has left
  335. Syndace has joined
  336. Dave Cridland has left
  337. Dave Cridland has left
  338. lskdjf has joined
  339. jere has joined
  340. Andrew Nenakhov has left
  341. Andrew Nenakhov has joined
  342. jubalh has joined
  343. Andrew Nenakhov has left
  344. Andrew Nenakhov has joined
  345. Valerian has left
  346. Dave Cridland has left
  347. Dave Cridland has left
  348. Kev has left
  349. Dave Cridland has left
  350. Dave Cridland has left
  351. valo has joined
  352. lumi has joined
  353. j.r has joined
  354. Valerian has joined
  355. vanitasvitae has left
  356. Dave Cridland has left
  357. Dave Cridland has left
  358. Dave Cridland has left
  359. Dave Cridland has left
  360. jubalh has left
  361. Dave Cridland has left
  362. Andrew Nenakhov has left
  363. Andrew Nenakhov has joined
  364. Dave Cridland has left
  365. Andrew Nenakhov has left
  366. Andrew Nenakhov has joined
  367. j.r has joined
  368. Dave Cridland has left
  369. Dave Cridland has left
  370. Dave Cridland has left
  371. Dave Cridland has left
  372. valo has joined
  373. Dave Cridland has left
  374. la|r|ma has left
  375. la|r|ma has joined
  376. Dave Cridland has left
  377. la|r|ma has left
  378. la|r|ma has joined
  379. Dave Cridland has left
  380. Dave Cridland has left
  381. Dave Cridland has left
  382. la|r|ma has left
  383. la|r|ma has joined
  384. Dave Cridland has left
  385. Dave Cridland has left
  386. Dave Cridland has left
  387. Ge0rG has left
  388. Ge0rG has left
  389. Ge0rG has left
  390. Dave Cridland has left
  391. Ge0rG has left
  392. ta has left
  393. j.r has joined
  394. Dave Cridland has left
  395. jubalh has joined
  396. Dave Cridland has left
  397. jubalh has left
  398. Ge0rG has left
  399. Dave Cridland has left
  400. moparisthebest has joined
  401. Ge0rG has left
  402. Dave Cridland has left
  403. SamWhited has left
  404. Dave Cridland has left
  405. Ge0rG has left
  406. Ge0rG has left
  407. Dave Cridland has left
  408. SamWhited has left
  409. Ge0rG has left
  410. valo has joined
  411. Dave Cridland has left
  412. Dave Cridland has left
  413. Dave Cridland has left
  414. Ge0rG has left
  415. Ge0rG has left
  416. Ge0rG has left
  417. moparisthebest has left
  418. Ge0rG has left
  419. j.r has joined
  420. Ge0rG has left
  421. Andrew Nenakhov has left
  422. Ge0rG has left
  423. Guus has left
  424. Andrew Nenakhov has joined
  425. Ge0rG has left
  426. Ge0rG has left
  427. Alex has left
  428. Ge0rG has left
  429. Ge0rG has left
  430. Ge0rG has left
  431. alexis has left
  432. Nekit has left
  433. Nekit has joined
  434. Ge0rG has left
  435. jubalh has joined
  436. jubalh has left
  437. Ge0rG has left
  438. LNJ has joined
  439. mimi89999 has left
  440. Guus has joined
  441. Guus has joined
  442. winfried has left
  443. winfried has left
  444. winfried has joined
  445. Dave Cridland has left
  446. zinid has joined
  447. LNJ has left
  448. Andrew Nenakhov has left
  449. Andrew Nenakhov has joined
  450. Andrew Nenakhov has left
  451. Andrew Nenakhov has joined
  452. j.r has joined
  453. ta has left
  454. tim@boese-ban.de has left
  455. j.r has joined
  456. j.r has joined
  457. Guus has joined
  458. lovetox has joined
  459. lovetox in attic there is missing version 3.0 and 3.1 of httpupload https://xmpp.org/extensions/xep-0363.html
  460. Steve Kille has left
  461. jonasw there is no 3.0
  462. jonasw or 3.1
  463. jonasw do you mean 0.3.0 and 0.3.1?
  464. jonasw (which are also missing, indeed)
  465. jubalh has joined
  466. jonasw I’ll regenerate them
  467. jubalh has left
  468. Neustradamus has joined
  469. lovetox yes i meant those
  470. jonasw will be up shortly
  471. lovetox thanks
  472. jonasw spoiler: 0.3.1 is only a typo fix ;)
  473. jonasw lovetox, will be available within the next five minutes
  474. Ge0rG starts tea timer
  475. Dave Cridland has left
  476. lovetox has left
  477. SamWhited has left
  478. jubalh has joined
  479. Alex has joined
  480. lovetox has joined
  481. waqas has joined
  482. jubalh has left
  483. lovetox what funny attack can you do if you have newline chars in a header value
  484. lovetox talking about httpupload
  485. Valerian has left
  486. Valerian has joined
  487. j.r has joined
  488. j.r has joined
  489. jonasw lovetox, escape from the header, depending on the brokenness of implementations involved
  490. lovetox the authorizartion value is base64 encoded
  491. lovetox this means i execute on that value .strip('\n')
  492. intosi has left
  493. intosi has joined
  494. lovetox not decode it and execute it on that
  495. MattJ Correct
  496. lovetox kk thanks
  497. jonasw lovetox, that’s not sufficient
  498. MattJ The client is not expected to understand what the headers are
  499. jonasw .replace("\n", "") is safer
  500. jonasw or if "\n" in header_value: raise RuntimeError("gtfo")
  501. lovetox thats indeed better
  502. jubalh has joined
  503. lovetox i should just not upload to a service providing xep violating stuff
  504. jonasw probably
  505. alexis has joined
  506. alexis has left
  507. alexis has joined
  508. lovetox ups strip is only for beginn and end, indeed that would not be enough
  509. jonasw t
  510. alexis has left
  511. alexis has joined
  512. Dave Cridland has left
  513. alexis has left
  514. alexis has joined
  515. jubalh has left
  516. Holger has left
  517. alexis has left
  518. alexis has joined
  519. vanitasvitae has left
  520. jubalh has joined
  521. Dave Cridland has left
  522. Nekit has left
  523. Nekit has joined
  524. lovetox has left
  525. Dave Cridland has left
  526. jubalh has left
  527. jubalh has joined
  528. alexis has left
  529. alexis has joined
  530. marmistrz has joined
  531. alexis has left
  532. alexis has joined
  533. jubalh has left
  534. daniel has left
  535. daniel has left
  536. Valerian has left
  537. Valerian has joined
  538. jubalh has joined
  539. jubalh has left
  540. ta has left
  541. daniel has left
  542. Dave Cridland has left
  543. Andrew Nenakhov has left
  544. Andrew Nenakhov has joined
  545. tux has left
  546. Maranda has left
  547. daniel has left
  548. Dave Cridland has left
  549. Dave Cridland has left
  550. daniel has left
  551. Dave Cridland has left
  552. Dave Cridland has left
  553. Valerian has left
  554. Dave Cridland has left
  555. Valerian has joined
  556. daniel has left
  557. Nekit has left
  558. Nekit has joined
  559. sezuan has left
  560. jere has joined
  561. jere has joined
  562. Dave Cridland has left
  563. Valerian has left
  564. marmistrz has left
  565. Valerian has joined
  566. mrdoctorwho has left
  567. jere has left
  568. jere has joined
  569. Yagiza has left
  570. Guus has left
  571. daniel has left
  572. Valerian has left
  573. jere has left
  574. Andrew Nenakhov has left
  575. Andrew Nenakhov has joined
  576. ralphm has left
  577. jubalh has joined
  578. Guus has left
  579. jubalh has left
  580. jubalh has joined
  581. jubalh has left
  582. jubalh has joined
  583. ta has joined
  584. j.r has joined
  585. jubalh has joined
  586. jubalh has joined
  587. j.r has left
  588. j.r has joined
  589. lovetox has joined
  590. Tobias has left
  591. ralphm has joined
  592. Dave Cridland has left
  593. alexis has left
  594. alexis has joined
  595. Ge0rG Http upload is a small security nightmare.
  596. Ge0rG BTW, was there a change already restricting the legal header values?
  597. Ge0rG > Requesting entities MUST ensure that only the headers that are explicitly allowed by this XEP (Authorization, Cookie, Expires) are copied from the slot response to the HTTP request. Ah, yes. But it's still not enforced at protocol level
  598. rion I've applied this restriction to Psi
  599. Ge0rG > MUST strip any newline characters I wonder whether "newline characters" is too vague, as it's implementation defined
  600. jjrh has left
  601. alexis has left
  602. jubalh has joined
  603. Dave Cridland has left
  604. Dave Cridland has left
  605. Neustradamus has left
  606. moparisthebest has anyone tried (ab)using SOCKS5 Bytestreams https://xmpp.org/extensions/xep-0065.html to poke at internal network stuff?
  607. Dave Cridland has left
  608. moparisthebest there aren't any security considerations about it
  609. winfried has left
  610. rion Do you mean sending something w/o opening filetransfer session of something?
  611. rion of traffic encryption
  612. Zash moparisthebest: but both parties connect to the server, the server doesn't initiate anything outbound
  613. Zash moparisthebest: you might be able to trick remote clients into such things tho
  614. Dave Cridland has left
  615. moparisthebest like, the server has access to a 10.X.X.X private subnet external users do not have access to, can an external client do bad things
  616. moparisthebest yea that's another way to do it
  617. rion has left
  618. Dave Cridland has left
  619. Ge0rG You'd have to trick the client to connect to a "proxy" you defined
  620. Dave Cridland has left
  621. Zash I forget the details, but doesn't one party pick the proxies, the other responds with one it can connect to.
  622. Dave Cridland has left
  623. Ge0rG I never knew the details, so...
  624. Dave Cridland has left
  625. jonasw has left
  626. Steve Kille has left
  627. Dave Cridland has left
  628. Ge0rG has left
  629. Ge0rG has left
  630. Ge0rG has left
  631. Alex has left
  632. Dave Cridland has left
  633. Steve Kille has joined
  634. Dave Cridland has left
  635. Dave Cridland has left
  636. Dave Cridland has left
  637. Dave Cridland has joined
  638. Dave Cridland has left
  639. lskdjf has joined
  640. marmistrz has left
  641. Dave Cridland has left
  642. Steve Kille has left
  643. jubalh has joined
  644. Dave Cridland has left
  645. la|r|ma has joined
  646. mrdoctorwho has joined
  647. Dave Cridland has left
  648. Dave Cridland has left
  649. Nekit has left
  650. marmistrz has left
  651. nyco has left
  652. ralphm has left
  653. Dave Cridland has left
  654. winfried has left
  655. Dave Cridland has left
  656. ralphm has joined
  657. Dave Cridland has left
  658. Dave Cridland has joined
  659. Dave Cridland has left
  660. ludo has joined
  661. j.r has joined
  662. marmistrz has joined
  663. marc has left
  664. marmistrz has left
  665. rion has joined
  666. rion has left
  667. waqas has left
  668. waqas has joined
  669. winfried has left
  670. Dave Cridland has left
  671. j.r has joined
  672. Dave Cridland has left
  673. waqas has left
  674. Dave Cridland has left
  675. Dave Cridland has left
  676. ludo has left
  677. waqas has joined
  678. j.r has left
  679. j.r has joined
  680. jubalh has left
  681. alexis has joined
  682. jubalh has joined
  683. jubalh has left
  684. waqas has left
  685. Dave Cridland has left
  686. Dave Cridland has left
  687. alexis has left
  688. Dave Cridland has left
  689. Dave Cridland has left
  690. Dave Cridland has left
  691. Dave Cridland has left
  692. Dave Cridland has left
  693. alexis has joined
  694. Dave Cridland has left
  695. Dave Cridland has left
  696. Dave Cridland has joined
  697. Dave Cridland has left
  698. Ge0rG has left
  699. waqas has joined
  700. Dave Cridland has left
  701. Dave Cridland has joined
  702. Dave Cridland has left
  703. Dave Cridland has joined
  704. alexis has left
  705. Dave Cridland has left
  706. Dave Cridland has left
  707. Dave Cridland has joined
  708. LNJ has joined
  709. Dave Cridland has left
  710. Steve Kille has left
  711. la|r|ma has left
  712. la|r|ma has left
  713. Dave Cridland has left
  714. Dave Cridland has left
  715. Dave Cridland has left
  716. SamWhited has left
  717. Dave Cridland has left
  718. Dave Cridland has left
  719. Dave Cridland has left
  720. Kev has left
  721. Dave Cridland has left
  722. moparisthebest has joined
  723. j.r has left
  724. j.r has joined
  725. Dave Cridland has left
  726. Kev has joined
  727. Dave Cridland has left
  728. Dave Cridland has left
  729. Dave Cridland has left
  730. j.r has left
  731. j.r has joined
  732. Dave Cridland has left
  733. Dave Cridland has left
  734. j.r has left
  735. j.r has joined
  736. Tobias has joined
  737. Tobias has joined
  738. Dave Cridland has left
  739. Dave Cridland has left
  740. Dave Cridland has left
  741. Alex has left
  742. Dave Cridland has left
  743. Dave Cridland has left
  744. Dave Cridland has left
  745. marmistrz has left
  746. blabla has joined
  747. blabla has joined
  748. Dave Cridland has left
  749. Dave Cridland has left
  750. Ge0rG has left
  751. peter has joined
  752. Dave Cridland has left
  753. Dave Cridland has left
  754. peter interesting reading: https://irisate.com/crdt-for-real-time-collaborative-apps/
  755. winfried has left
  756. peter has left
  757. winfried has joined
  758. MattJ It feels like only yesterday when Operation Transformation was the best thing ever
  759. Kev You've gotten old.
  760. MattJ *Operational
  761. MattJ :(
  762. Kev Don't feel bad, I'll catch up soon.
  763. Nekit has left
  764. moparisthebest has joined
  765. goffi has left
  766. Dave Cridland has left
  767. Dave Cridland has left
  768. Dave Cridland has left
  769. Dave Cridland has left
  770. LNJ has left
  771. Dave Cridland has left
  772. Dave Cridland has left
  773. marmistrz has left
  774. lskdjf has joined
  775. Steve Kille has left
  776. Steve Kille has joined
  777. mrdoctorwho has joined
  778. waqas has left
  779. waqas has joined
  780. jubalh has joined
  781. Andrew Nenakhov has left
  782. Andrew Nenakhov has joined
  783. Andrew Nenakhov has left
  784. Andrew Nenakhov has joined
  785. tux has joined
  786. Andrew Nenakhov has left
  787. Andrew Nenakhov has joined
  788. Andrew Nenakhov has left
  789. Andrew Nenakhov has joined
  790. Dave Cridland has left
  791. ralphm has joined
  792. Steve Kille has left
  793. Steve Kille has joined
  794. SaltyBones has left
  795. SaltyBones has joined
  796. ralphm has left
  797. ralphm has joined
  798. jubalh has joined
  799. lovetox i found this in gajim code
  800. lovetox when creating TLS connection we pass a cipher list
  801. lovetox 'HIGH:!aNULL:RC4-SHA'
  802. lovetox it this up to date?!
  803. lovetox i have no clue about ciphers :/
  804. ralphm has joined
  805. Zash If it's using a modern OpenSSL then I don't think you need to worry.
  806. Zash Only 'HIGH' seems to matter. Removing ciphers without authentication (aNULL) from the set of "highly secure" ciphers (HIGH) does nothing.
  807. Zash And RC4 doesn't seem to exist anymore.
  808. SamWhited Still, that doesn't seem like a good sign…
  809. Holger Zash: Unless things changed recently, HIGH does include aNULL ciphers.
  810. Zash Oh
  811. Zash Indeed
  812. Zash Hidden among all the various auth mechanisms that aren't used either
  813. SamWhited I'm more concerned that they would try to select RC4, regardless of whether it still exists in openssl or not.
  814. Dave Cridland has left
  815. Zash $ diff -u <(openssl ciphers -v HIGH) <(openssl ciphers -v 'HIGH:!aNULL')|q https://q.zash.se/324a465c00bf.txt
  816. Zash on Debian Stable with OpenSSL 1.1.0f
  817. lskdjf has joined
  818. ralphm has joined
  819. Zash SamWhited: It's pretty good compared to cipher lists like this: https://q.zash.se/da0ffe1f3f82.txt
  820. SamWhited What's that from?
  821. Zash Oooooooooold Jitsi
  822. Zash Possibly from 2013
  823. Zash https://blog.thijsalkema.de/blog/2013/09/02/the-state-of-tls-on-xmpp-3/
  824. lovetox has left
  825. Zash From those days
  826. SamWhited fun… Java things always seem to be behind.
  827. lovetox has joined
  828. ralphm has joined
  829. SamWhited huh, apparently RC4 was considered broken later than I thought
  830. Zash Defaults were pretty bad back then in most things.
  831. SamWhited Still though, if you're still recomnending it today that's a pretty big red flag for gajim…
  832. Zash Hasn't RC4 been considered "icky but let's not worry too much about it" since forever?
  833. SamWhited I was thinking it was late 2013, but apparently it was 2015 that the IETF stopped telling people to use it in TLS.
  834. waqas has left
  835. Zash Comparing the current situation with that post would probably be interesting.
  836. ralphm has joined
  837. alexis has joined
  838. Dave Cridland has left
  839. Dave Cridland has left
  840. ralphm has left
  841. ralphm has joined