[Operators] Please enable Forward Secrecy for your servers!

Vincent Lauton vince at darkness.su
Sat Oct 3 11:40:17 UTC 2015


Being that XMPP with Off-The-Record Messaging is considered secure in many environments and that most users have low knowledge of encryption, I would tend to disagree. And it might be, but I feel users should be able to expect the server they sign up on will have at least current day standards in security even if they are not optimal. These servers don't support any forward secrecy suites and Jodo.im is still on SSLv3 and TLS 1.0 only.
I'm already enforcing PFS and can't communicate with these servers anyways, blocking them will just avoid the failed handshakes.
Also I meant I'll block servers that don't support any forward secrecy suites, not those that don't fully enforce forward secrecy, though that's my mistake :p

