XSF Discussion - 2018-03-23


  1. Dave Cridland has left

  2. waqas has joined

  3. Holger has left

  4. SamWhited has left

  5. mrdoctorwho has left

  6. Guus has left

  7. jere has left

  8. ralphm has left

  9. ludo has joined

  10. lskdjf has joined

  11. la|r|ma has left

  12. jere has joined

  13. Syndace has left

  14. Syndace has joined

  15. Zash has left

  16. waqas has left

  17. Guus has left

  18. ludo has left

  19. ludo has joined

  20. ralphm has left

  21. ludo has left

  22. jjrh has left

  23. ludo has joined

  24. ralphm has left

  25. ralphm has left

  26. daniel has left

  27. ralphm has left

  28. Guus has left

  29. ludo has left

  30. Zash has joined

  31. moparisthebest has joined

  32. ralphm has left

  33. alexis has left

  34. ludo has joined

  35. moparisthebest has left

  36. Guus has left

  37. ralphm has left

  38. lumi has joined

  39. Guus has left

  40. ralphm has left

  41. ralphm has left

  42. Guus has left

  43. jere has joined

  44. lskdjf has left

  45. Guus has left

  46. ludo has left

  47. Guus has left

  48. Guus has left

  49. vanitasvitae has joined

  50. vanitasvitae has joined

  51. ludo has joined

  52. alexis has left

  53. alexis has left

  54. rion has joined

  55. Guus has left

  56. Guus has left

  57. ralphm has left

  58. ludo has left

  59. jere has joined

  60. ludo has joined

  61. rion has left

  62. rion has joined

  63. Guus has left

  64. Yagiza has joined

  65. rion has left

  66. alexis has left

  67. ludo has left

  68. alexis has joined

  69. alexis has joined

  70. ludo has joined

  71. jere has joined

  72. efrit has left

  73. ludo has left

  74. rion has left

  75. lskdjf has joined

  76. Guus has left

  77. ta has joined

  78. efrit has joined

  79. Guus has left

  80. alexis has joined

  81. waqas has joined

  82. ludo has joined

  83. ralphm has left

  84. la|r|ma has joined

  85. alexis has left

  86. alexis has joined

  87. ludo has left

  88. SamWhited has left

  89. rion has left

  90. la|r|ma has joined

  91. lskdjf has joined

  92. alexis has left

  93. alexis has joined

  94. ludo has joined

  95. alexis has left

  96. alexis has joined

  97. alexis has left

  98. alexis has joined

  99. ludo has left

  100. alexis has left

  101. alexis has joined

  102. ralphm has left

  103. alexis has joined

  104. daniel has left

  105. alexis has left

  106. alexis has joined

  107. ralphm has left

  108. alexis has left

  109. alexis has joined

  110. alexis has left

  111. alexis has joined

  112. moparisthebest has joined

  113. alexis has joined

  114. ralphm has left

  115. alexis has joined

  116. LNJ has joined

  117. Dave Cridland has left

  118. ralphm has left

  119. ludo has joined

  120. ludo has left

  121. goffi has joined

  122. sezuan has left

  123. sezuan has joined

  124. waqas has left

  125. LNJ has left

  126. j.r has left

  127. j.r has joined

  128. LNJ has joined

  129. Steve Kille has left

  130. ralphm has left

  131. rion has joined

  132. j.r has joined

  133. j.r has joined

  134. j.r has left

  135. j.r has joined

  136. j.r has left

  137. ludo has joined

  138. j.r has joined

  139. ralphm has left

  140. ralphm has left

  141. blabla has joined

  142. Lance has joined

  143. Lance has left

  144. ralphm has left

  145. ludo has left

  146. j.r has joined

  147. j.r has joined

  148. alexis has left

  149. alexis has joined

  150. ralphm has left

  151. ludo has joined

  152. Valerian has joined

  153. ludo has left

  154. ta has left

  155. @Alacer has left

  156. rion has left

  157. j.r has joined

  158. ralphm has left

  159. ralphm has joined

  160. intosi has joined

  161. ta has joined

  162. ludo has joined

  163. Guus has left

  164. marmistrz has joined

  165. marmistrz has left

  166. marmistrz has left

  167. ludo has left

  168. ludo has joined

  169. Guus has left

  170. ludo has left

  171. tim@boese-ban.de has joined

  172. vanitasvitae has joined

  173. marmistrz has joined

  174. Valerian has left

  175. McKael has joined

  176. ralphm has left

  177. winfried has joined

  178. efrit has left

  179. Ge0rG

    Sigh. How one should not design XMPP clients: https://github.com/KaidanIM/Kaidan/issues/220

  180. marmistrz has joined

  181. Kev

    Swift autoaccepts requests too, but only for bidirectional

  182. Kev

    (If you send a subscription request to someone, it'll approve the one they send back)

  183. jonasw

    that makes sense

  184. blabla has left

  185. daniel

    > (If you send a subscription request to someone, it'll approve the one they send back) Conversations does that too.

  186. daniel

    Even though that's actually what pre-approval is for

  187. Ge0rG

    it makes sense in a world where subscription shouldn't consist of directed graphs

  188. daniel

    Or pre Auth

  189. Ge0rG

    except pre-approval is not guaranteed

  190. daniel

    What ever that was called

  191. Ge0rG

    yaxim will do both

  192. Guus has left

  193. Kev

    But Swift doesn't talk about subscription requests, it just talks about Add Contact.

  194. daniel

    Did ejabberd start announcing that stream feature?

  195. daniel

    Because at some point it had support but didn't announce the feature which doesn't make sense this the RFC tells clients to only use it if the feature is announced

  196. Ge0rG

    I wonder how many of my Swift issues got fixed for 4.0.

  197. Ge0rG

    daniel: I'm using it anyway.

  198. Ge0rG is a lazy and ignorant client dev

  199. jonasw

    Ge0rG, you do know that prosody doesn’t support it?

  200. Ge0rG

    jonasw: I know.

  201. ludo has joined

  202. Ge0rG

    jonasw: but what's the worst thing that can happen if I send a pre-approval to a non-supporting server?

  203. jonasw

    <malformed-request/> stream error.

  204. daniel

    Stream error

  205. daniel

    😂

  206. jonasw

    ah, <invalid-xml/>

  207. Ge0rG

    but it is valid xml. It just comes at the wrong time

  208. jonasw

    Ge0rG, invalid XML is for things which do not pass schema validation

  209. Ge0rG

    she-what? :P

  210. jonasw

    granted, I’d argue that such a server would be pretty weirdly designed to be gin with

  211. jonasw

    granted, I’d argue that such a server would be pretty weirdly designed to begin with

  212. Ge0rG

    jonasw: auto-generated by the schema-to-code thing we talked about yesternight.

  213. Ge0rG &

  214. jonasw

    fg

  215. ludo has left

  216. LNJ has left

  217. LNJ has joined

  218. Ge0rG

    Bad memory access (SIGBUS)

  219. Andrew Nenakhov has left

  220. Andrew Nenakhov has joined

  221. LNJ has left

  222. LNJ has joined

  223. Andrew Nenakhov has left

  224. Andrew Nenakhov has joined

  225. SaltyBones has left

  226. ta has joined

  227. nyco has left

  228. Valerian has joined

  229. winfried has left

  230. Steve Kille has left

  231. Andrew Nenakhov has left

  232. ludo has joined

  233. Andrew Nenakhov has joined

  234. Andrew Nenakhov has left

  235. Andrew Nenakhov has joined

  236. Andrew Nenakhov has left

  237. Andrew Nenakhov has joined

  238. Steve Kille has left

  239. alexis has left

  240. marmistrz has left

  241. ludo has left

  242. Steve Kille has joined

  243. jubalh has joined

  244. jubalh has left

  245. ralphm has left

  246. marmistrz has left

  247. ludo has joined

  248. winfried has left

  249. Steve Kille has left

  250. ludo has left

  251. ralphm has joined

  252. Guus has left

  253. alexis has joined

  254. ThibG has left

  255. valo has joined

  256. intosi has left

  257. intosi has joined

  258. LNJ has left

  259. alexis has left

  260. Zash has left

  261. alexis has joined

  262. Zash has joined

  263. Zash has left

  264. Dave Cridland has left

  265. Zash has joined

  266. ludo has joined

  267. alexis has left

  268. Dave Cridland has left

  269. alexis has joined

  270. LNJ has joined

  271. Dave Cridland has left

  272. Dave Cridland has left

  273. Dave Cridland has left

  274. alexis has left

  275. daniel has left

  276. Dave Cridland has left

  277. alexis has joined

  278. ludo has left

  279. rion has joined

  280. alexis has left

  281. jubalh has joined

  282. jubalh has left

  283. Alex has joined

  284. jubalh has joined

  285. jubalh has left

  286. Kev has left

  287. vanitasvitae has left

  288. Kev has joined

  289. jubalh has joined

  290. jubalh has left

  291. daniel has left

  292. LNJ has left

  293. alexis has joined

  294. alexis has left

  295. alexis has joined

  296. Dave Cridland has left

  297. alexis has left

  298. alexis has joined

  299. winfried has left

  300. Valerian has left

  301. jubalh has joined

  302. Dave Cridland has left

  303. Dave Cridland has left

  304. Yagiza has left

  305. Dave Cridland has left

  306. ludo has joined

  307. Yagiza has joined

  308. mr-L has joined

  309. marmistrz has left

  310. mr-L has left

  311. alexis has left

  312. alexis has joined

  313. Dave Cridland has left

  314. ludo has left

  315. Valerian has joined

  316. daniel has left

  317. Dave Cridland has left

  318. alexis has left

  319. alexis has joined

  320. Dave Cridland has left

  321. ta has left

  322. Dave Cridland has left

  323. vanitasvitae has left

  324. ludo has joined

  325. Dave Cridland has left

  326. marmistrz has joined

  327. marmistrz has joined

  328. Dave Cridland has left

  329. Holger has left

  330. Dave Cridland has left

  331. ludo has left

  332. jubalh has left

  333. la|r|ma has joined

  334. Syndace has left

  335. Syndace has joined

  336. Dave Cridland has left

  337. Dave Cridland has left

  338. lskdjf has joined

  339. jere has joined

  340. Andrew Nenakhov has left

  341. Andrew Nenakhov has joined

  342. jubalh has joined

  343. Andrew Nenakhov has left

  344. Andrew Nenakhov has joined

  345. Valerian has left

  346. Dave Cridland has left

  347. Dave Cridland has left

  348. Kev has left

  349. Dave Cridland has left

  350. Dave Cridland has left

  351. valo has joined

  352. lumi has joined

  353. j.r has joined

  354. Valerian has joined

  355. vanitasvitae has left

  356. Dave Cridland has left

  357. Dave Cridland has left

  358. Dave Cridland has left

  359. Dave Cridland has left

  360. jubalh has left

  361. Dave Cridland has left

  362. Andrew Nenakhov has left

  363. Andrew Nenakhov has joined

  364. Dave Cridland has left

  365. Andrew Nenakhov has left

  366. Andrew Nenakhov has joined

  367. j.r has joined

  368. Dave Cridland has left

  369. Dave Cridland has left

  370. Dave Cridland has left

  371. Dave Cridland has left

  372. valo has joined

  373. Dave Cridland has left

  374. la|r|ma has left

  375. la|r|ma has joined

  376. Dave Cridland has left

  377. la|r|ma has left

  378. la|r|ma has joined

  379. Dave Cridland has left

  380. Dave Cridland has left

  381. Dave Cridland has left

  382. la|r|ma has left

  383. la|r|ma has joined

  384. Dave Cridland has left

  385. Dave Cridland has left

  386. Dave Cridland has left

  387. Ge0rG has left

  388. Ge0rG has left

  389. Ge0rG has left

  390. Dave Cridland has left

  391. Ge0rG has left

  392. ta has left

  393. j.r has joined

  394. Dave Cridland has left

  395. jubalh has joined

  396. Dave Cridland has left

  397. jubalh has left

  398. Ge0rG has left

  399. Dave Cridland has left

  400. moparisthebest has joined

  401. Ge0rG has left

  402. Dave Cridland has left

  403. SamWhited has left

  404. Dave Cridland has left

  405. Ge0rG has left

  406. Ge0rG has left

  407. Dave Cridland has left

  408. SamWhited has left

  409. Ge0rG has left

  410. valo has joined

  411. Dave Cridland has left

  412. Dave Cridland has left

  413. Dave Cridland has left

  414. Ge0rG has left

  415. Ge0rG has left

  416. Ge0rG has left

  417. moparisthebest has left

  418. Ge0rG has left

  419. j.r has joined

  420. Ge0rG has left

  421. Andrew Nenakhov has left

  422. Ge0rG has left

  423. Guus has left

  424. Andrew Nenakhov has joined

  425. Ge0rG has left

  426. Ge0rG has left

  427. Alex has left

  428. Ge0rG has left

  429. Ge0rG has left

  430. Ge0rG has left

  431. alexis has left

  432. Nekit has left

  433. Nekit has joined

  434. Ge0rG has left

  435. jubalh has joined

  436. jubalh has left

  437. Ge0rG has left

  438. LNJ has joined

  439. mimi89999 has left

  440. Guus has joined

  441. Guus has joined

  442. winfried has left

  443. winfried has left

  444. winfried has joined

  445. Dave Cridland has left

  446. zinid has joined

  447. LNJ has left

  448. Andrew Nenakhov has left

  449. Andrew Nenakhov has joined

  450. Andrew Nenakhov has left

  451. Andrew Nenakhov has joined

  452. j.r has joined

  453. ta has left

  454. tim@boese-ban.de has left

  455. j.r has joined

  456. j.r has joined

  457. Guus has joined

  458. lovetox has joined

  459. lovetox

    in attic there is missing version 3.0 and 3.1 of httpupload https://xmpp.org/extensions/xep-0363.html

  460. Steve Kille has left

  461. jonasw

    there is no 3.0

  462. jonasw

    or 3.1

  463. jonasw

    do you mean 0.3.0 and 0.3.1?

  464. jonasw

    (which are also missing, indeed)

  465. jubalh has joined

  466. jonasw

    I’ll regenerate them

  467. jubalh has left

  468. Neustradamus has joined

  469. lovetox

    yes i meant those

  470. jonasw

    will be up shortly

  471. lovetox

    thanks

  472. jonasw

    spoiler: 0.3.1 is only a typo fix ;)

  473. jonasw

    lovetox, will be available within the next five minutes

  474. Ge0rG starts tea timer

  475. Dave Cridland has left

  476. lovetox has left

  477. SamWhited has left

  478. jubalh has joined

  479. Alex has joined

  480. lovetox has joined

  481. waqas has joined

  482. jubalh has left

  483. lovetox

    what funny attack can you do if you have newline chars in a header value

  484. lovetox

    talking about httpupload

  485. Valerian has left

  486. Valerian has joined

  487. j.r has joined

  488. j.r has joined

  489. jonasw

    lovetox, escape from the header, depending on the brokenness of implementations involved

  490. lovetox

    the authorizartion value is base64 encoded

  491. lovetox

    this means i execute on that value .strip('\n')

  492. intosi has left

  493. intosi has joined

  494. lovetox

    not decode it and execute it on that

  495. MattJ

    Correct

  496. lovetox

    kk thanks

  497. jonasw

    lovetox, that’s not sufficient

  498. MattJ

    The client is not expected to understand what the headers are

  499. jonasw

    .replace("\n", "") is safer

  500. jonasw

    or if "\n" in header_value: raise RuntimeError("gtfo")

  501. lovetox

    thats indeed better

  502. jubalh has joined

  503. lovetox

    i should just not upload to a service providing xep violating stuff

  504. jonasw

    probably

  505. alexis has joined

  506. alexis has left

  507. alexis has joined

  508. lovetox

    ups strip is only for beginn and end, indeed that would not be enough

  509. jonasw

    t

  510. alexis has left

  511. alexis has joined

  512. Dave Cridland has left

  513. alexis has left

  514. alexis has joined

  515. jubalh has left

  516. Holger has left

  517. alexis has left

  518. alexis has joined

  519. vanitasvitae has left

  520. jubalh has joined

  521. Dave Cridland has left

  522. Nekit has left

  523. Nekit has joined

  524. lovetox has left

  525. Dave Cridland has left

  526. jubalh has left

  527. jubalh has joined

  528. alexis has left

  529. alexis has joined

  530. marmistrz has joined

  531. alexis has left

  532. alexis has joined

  533. jubalh has left

  534. daniel has left

  535. daniel has left

  536. Valerian has left

  537. Valerian has joined

  538. jubalh has joined

  539. jubalh has left

  540. ta has left

  541. daniel has left

  542. Dave Cridland has left

  543. Andrew Nenakhov has left

  544. Andrew Nenakhov has joined

  545. tux has left

  546. Maranda has left

  547. daniel has left

  548. Dave Cridland has left

  549. Dave Cridland has left

  550. daniel has left

  551. Dave Cridland has left

  552. Dave Cridland has left

  553. Valerian has left

  554. Dave Cridland has left

  555. Valerian has joined

  556. daniel has left

  557. Nekit has left

  558. Nekit has joined

  559. sezuan has left

  560. jere has joined

  561. jere has joined

  562. Dave Cridland has left

  563. Valerian has left

  564. marmistrz has left

  565. Valerian has joined

  566. mrdoctorwho has left

  567. jere has left

  568. jere has joined

  569. Yagiza has left

  570. Guus has left

  571. daniel has left

  572. Valerian has left

  573. jere has left

  574. Andrew Nenakhov has left

  575. Andrew Nenakhov has joined

  576. ralphm has left

  577. jubalh has joined

  578. Guus has left

  579. jubalh has left

  580. jubalh has joined

  581. jubalh has left

  582. jubalh has joined

  583. ta has joined

  584. j.r has joined

  585. jubalh has joined

  586. jubalh has joined

  587. j.r has left

  588. j.r has joined

  589. lovetox has joined

  590. Tobias has left

  591. ralphm has joined

  592. Dave Cridland has left

  593. alexis has left

  594. alexis has joined

  595. Ge0rG

    Http upload is a small security nightmare.

  596. Ge0rG

    BTW, was there a change already restricting the legal header values?

  597. Ge0rG

    > Requesting entities MUST ensure that only the headers that are explicitly allowed by this XEP (Authorization, Cookie, Expires) are copied from the slot response to the HTTP request. Ah, yes. But it's still not enforced at protocol level

  598. rion

    I've applied this restriction to Psi

  599. Ge0rG

    > MUST strip any newline characters I wonder whether "newline characters" is too vague, as it's implementation defined

  600. jjrh has left

  601. alexis has left

  602. jubalh has joined

  603. Dave Cridland has left

  604. Dave Cridland has left

  605. Neustradamus has left

  606. moparisthebest

    has anyone tried (ab)using SOCKS5 Bytestreams https://xmpp.org/extensions/xep-0065.html to poke at internal network stuff?

  607. Dave Cridland has left

  608. moparisthebest

    there aren't any security considerations about it

  609. winfried has left

  610. rion

    Do you mean sending something w/o opening filetransfer session of something?

  611. rion

    of traffic encryption

  612. Zash

    moparisthebest: but both parties connect to the server, the server doesn't initiate anything outbound

  613. Zash

    moparisthebest: you might be able to trick remote clients into such things tho

  614. Dave Cridland has left

  615. moparisthebest

    like, the server has access to a 10.X.X.X private subnet external users do not have access to, can an external client do bad things

  616. moparisthebest

    yea that's another way to do it

  617. rion has left

  618. Dave Cridland has left

  619. Ge0rG

    You'd have to trick the client to connect to a "proxy" you defined

  620. Dave Cridland has left

  621. Zash

    I forget the details, but doesn't one party pick the proxies, the other responds with one it can connect to.

  622. Dave Cridland has left

  623. Ge0rG

    I never knew the details, so...

  624. Dave Cridland has left

  625. jonasw has left

  626. Steve Kille has left

  627. Dave Cridland has left

  628. Ge0rG has left

  629. Ge0rG has left

  630. Ge0rG has left

  631. Alex has left

  632. Dave Cridland has left

  633. Steve Kille has joined

  634. Dave Cridland has left

  635. Dave Cridland has left

  636. Dave Cridland has left

  637. Dave Cridland has joined

  638. Dave Cridland has left

  639. lskdjf has joined

  640. marmistrz has left

  641. Dave Cridland has left

  642. Steve Kille has left

  643. jubalh has joined

  644. Dave Cridland has left

  645. la|r|ma has joined

  646. mrdoctorwho has joined

  647. Dave Cridland has left

  648. Dave Cridland has left

  649. Nekit has left

  650. marmistrz has left

  651. nyco has left

  652. ralphm has left

  653. Dave Cridland has left

  654. winfried has left

  655. Dave Cridland has left

  656. ralphm has joined

  657. Dave Cridland has left

  658. Dave Cridland has joined

  659. Dave Cridland has left

  660. ludo has joined

  661. j.r has joined

  662. marmistrz has joined

  663. marc has left

  664. marmistrz has left

  665. rion has joined

  666. rion has left

  667. waqas has left

  668. waqas has joined

  669. winfried has left

  670. Dave Cridland has left

  671. j.r has joined

  672. Dave Cridland has left

  673. waqas has left

  674. Dave Cridland has left

  675. Dave Cridland has left

  676. ludo has left

  677. waqas has joined

  678. j.r has left

  679. j.r has joined

  680. jubalh has left

  681. alexis has joined

  682. jubalh has joined

  683. jubalh has left

  684. waqas has left

  685. Dave Cridland has left

  686. Dave Cridland has left

  687. alexis has left

  688. Dave Cridland has left

  689. Dave Cridland has left

  690. Dave Cridland has left

  691. Dave Cridland has left

  692. Dave Cridland has left

  693. alexis has joined

  694. Dave Cridland has left

  695. Dave Cridland has left

  696. Dave Cridland has joined

  697. Dave Cridland has left

  698. Ge0rG has left

  699. waqas has joined

  700. Dave Cridland has left

  701. Dave Cridland has joined

  702. Dave Cridland has left

  703. Dave Cridland has joined

  704. alexis has left

  705. Dave Cridland has left

  706. Dave Cridland has left

  707. Dave Cridland has joined

  708. LNJ has joined

  709. Dave Cridland has left

  710. Steve Kille has left

  711. la|r|ma has left

  712. la|r|ma has left

  713. Dave Cridland has left

  714. Dave Cridland has left

  715. Dave Cridland has left

  716. SamWhited has left

  717. Dave Cridland has left

  718. Dave Cridland has left

  719. Dave Cridland has left

  720. Kev has left

  721. Dave Cridland has left

  722. moparisthebest has joined

  723. j.r has left

  724. j.r has joined

  725. Dave Cridland has left

  726. Kev has joined

  727. Dave Cridland has left

  728. Dave Cridland has left

  729. Dave Cridland has left

  730. j.r has left

  731. j.r has joined

  732. Dave Cridland has left

  733. Dave Cridland has left

  734. j.r has left

  735. j.r has joined

  736. Tobias has joined

  737. Tobias has joined

  738. Dave Cridland has left

  739. Dave Cridland has left

  740. Dave Cridland has left

  741. Alex has left

  742. Dave Cridland has left

  743. Dave Cridland has left

  744. Dave Cridland has left

  745. marmistrz has left

  746. blabla has joined

  747. blabla has joined

  748. Dave Cridland has left

  749. Dave Cridland has left

  750. Ge0rG has left

  751. peter has joined

  752. Dave Cridland has left

  753. Dave Cridland has left

  754. peter

    interesting reading: https://irisate.com/crdt-for-real-time-collaborative-apps/

  755. winfried has left

  756. peter has left

  757. winfried has joined

  758. MattJ

    It feels like only yesterday when Operation Transformation was the best thing ever

  759. Kev

    You've gotten old.

  760. MattJ

    *Operational

  761. MattJ

    :(

  762. Kev

    Don't feel bad, I'll catch up soon.

  763. Nekit has left

  764. moparisthebest has joined

  765. goffi has left

  766. Dave Cridland has left

  767. Dave Cridland has left

  768. Dave Cridland has left

  769. Dave Cridland has left

  770. LNJ has left

  771. Dave Cridland has left

  772. Dave Cridland has left

  773. marmistrz has left

  774. lskdjf has joined

  775. Steve Kille has left

  776. Steve Kille has joined

  777. mrdoctorwho has joined

  778. waqas has left

  779. waqas has joined

  780. jubalh has joined

  781. Andrew Nenakhov has left

  782. Andrew Nenakhov has joined

  783. Andrew Nenakhov has left

  784. Andrew Nenakhov has joined

  785. tux has joined

  786. Andrew Nenakhov has left

  787. Andrew Nenakhov has joined

  788. Andrew Nenakhov has left

  789. Andrew Nenakhov has joined

  790. Dave Cridland has left

  791. ralphm has joined

  792. Steve Kille has left

  793. Steve Kille has joined

  794. SaltyBones has left

  795. SaltyBones has joined

  796. ralphm has left

  797. ralphm has joined

  798. jubalh has joined

  799. lovetox

    i found this in gajim code

  800. lovetox

    when creating TLS connection we pass a cipher list

  801. lovetox

    'HIGH:!aNULL:RC4-SHA'

  802. lovetox

    it this up to date?!

  803. lovetox

    i have no clue about ciphers :/

  804. ralphm has joined

  805. Zash

    If it's using a modern OpenSSL then I don't think you need to worry.

  806. Zash

    Only 'HIGH' seems to matter. Removing ciphers without authentication (aNULL) from the set of "highly secure" ciphers (HIGH) does nothing.

  807. Zash

    And RC4 doesn't seem to exist anymore.

  808. SamWhited

    Still, that doesn't seem like a good sign…

  809. Holger

    Zash: Unless things changed recently, HIGH does include aNULL ciphers.

  810. Zash

    Oh

  811. Zash

    Indeed

  812. Zash

    Hidden among all the various auth mechanisms that aren't used either

  813. SamWhited

    I'm more concerned that they would try to select RC4, regardless of whether it still exists in openssl or not.

  814. Dave Cridland has left

  815. Zash

    $ diff -u <(openssl ciphers -v HIGH) <(openssl ciphers -v 'HIGH:!aNULL')|q https://q.zash.se/324a465c00bf.txt

  816. Zash

    on Debian Stable with OpenSSL 1.1.0f

  817. lskdjf has joined

  818. ralphm has joined

  819. Zash

    SamWhited: It's pretty good compared to cipher lists like this: https://q.zash.se/da0ffe1f3f82.txt

  820. SamWhited

    What's that from?

  821. Zash

    Oooooooooold Jitsi

  822. Zash

    Possibly from 2013

  823. Zash

    https://blog.thijsalkema.de/blog/2013/09/02/the-state-of-tls-on-xmpp-3/

  824. lovetox has left

  825. Zash

    From those days

  826. SamWhited

    fun… Java things always seem to be behind.

  827. lovetox has joined

  828. ralphm has joined

  829. SamWhited

    huh, apparently RC4 was considered broken later than I thought

  830. Zash

    Defaults were pretty bad back then in most things.

  831. SamWhited

    Still though, if you're still recomnending it today that's a pretty big red flag for gajim…

  832. Zash

    Hasn't RC4 been considered "icky but let's not worry too much about it" since forever?

  833. SamWhited

    I was thinking it was late 2013, but apparently it was 2015 that the IETF stopped telling people to use it in TLS.

  834. waqas has left

  835. Zash

    Comparing the current situation with that post would probably be interesting.

  836. ralphm has joined

  837. alexis has joined

  838. Dave Cridland has left

  839. Dave Cridland has left

  840. ralphm has left

  841. ralphm has joined