8000
FIX(client,ui): PFS information being incorrect #5566
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
8194e32 to
ea6b31a
Compare
|
davidebeatrici
approved these changes
Feb 12, 2022
The information about perfect forwards secrecy (PFS) displayed within the server information dialog (TCP tab) was missing for newer ciphers. The reason was, that we are using a hard-coded list of cipher information and the new ones (TLS 1.3) are not part of that. However, in the meantime Qt has implemented indirect support for checking whether PFS is used, so we change the implementation to make use of that instead. Fixes mumble-voip#5469
PR mumble-voip#1825 introduced a hard-coded list of cipher information in order to be able to display extended information about the encryption details of a connection. Keeping this information up-to-date had to be done by means of a dedicated python script. The problem with this approach is that a) hard-coding something like this is never a good idea b) the updating has been forgotten in the last several years, leading to outdated information c) the update script is currently not working anymore Additionally, the current code only used the extended information to query the perfect forward secrecy support anyway and that has been implemented in a different way in de7b02f. The only other thing we used the extended info for, was to obtain the RFC name of ciphers, but since the list was outdated anyway, we nowadays probably used the fallback (using the name provided by Qt) more often than not. Therefore the hard-coded information has been removed and we now simply always stick to the cipher name as reported by Qt. If someone desperately requires the RFC names, they'll have to take it up with Qt to expose this name in their API as curating a hard-coded list in our code base is not a viable option.
ea6b31a to
0f6ff0b
Compare
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The information about perfect forwards secrecy (PFS) displayed within
the server information dialog (TCP tab) was missing for newer ciphers.
The reason was, that we are using a hard-coded list of cipher
information and the new ones (TLS 1.3) are not part of that.
However, in the meantime Qt has implemented indirect support for
checking whether PFS is used, so we change the implementation to make
use of that instead.
Fixes #5469
Additionally the hard-coded cipher info list has been removed in a second commit.
Checks