is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
datallah at pidgin.im
Fri Oct 17 13:05:33 EDT 2014
On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <LoisTJanes at mail.com> wrote:
> Is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
> I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm
> specifically interested in whether Pidgin is suseptible to a TLS/SSL
> downgrade attack?
> Does Pidgin retry failed connections with lower SSL/TLS protocol versions?
> Does Pidgin support TLS_FALLBACK_SCSV?
The answer to all these questions depends on which SSL/TLS (gnutls or NSS)
library you're using with pidgin and the configuration of that library
(which will depend on your OS).
Pidgin/libpurple itself has no direct interaction with the SSL/TLS
> Support at pidgin.im mailing list
> Want to unsubscribe? Use this link:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Support