[Operators] Removing SSLv3 from ejabberd 2.1.x and 13.x

Thijs Alkemade thijs at xnyhps.nl
Tue Jan 7 16:40:09 UTC 2014


On 7 jan. 2014, at 02:31, Matthew Wild <mwild1 at gmail.com> wrote:

> Also note that SSLv3 hasn't been shown to be any less secure than
> TLSv1 (in fact they are essentially the same), but TLSv1 is still very
> widely used. Therefore there is no security reason to disable SSLv3,
> unless you also plan to disable TLSv1 at the same time.

In general this is simply not true. There are many extensions to TLS 1.0 that
are not defined for SSL 3. For example OCSP stapling, SNI, the curve
indication for ECDHE. True, SNI and OCSP stapling won't have much effect on
XMPP (I would like to know if there is an XMPP server that actually implements
OCSP stapling!), but it could mean an active attacker is capable of forcing a
client to not use forward-secrecy, which would be bad.

It's also less of a concern if it is true that XMPP clients don't downgrade
outside the TLS protocol. Sadly, Adium will try again with only SSL 3 when a
MAC failure occurs during the handshake. I'm not happy with it, but it is
necessary for some servers. I don't really know whether other clients have
similar workarounds.

Thijs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140107/6b5bc5ab/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140107/6b5bc5ab/attachment.pgp>


More information about the Operators mailing list