Summary: | Connection to TLS-only server does not work. | ||
---|---|---|---|
Product: | [Applications] konversation | Reporter: | Yatsek <yatsek> |
Component: | encryption | Assignee: | Travis McHenry <wordsizzle> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | hein, joao.eiras, konversation-devel, rdieter |
Priority: | NOR | ||
Version: | 1.5 | ||
Target Milestone: | --- | ||
Platform: | Ubuntu | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/konversation/718a37c810718ddc297174046961544bd889700f | Version Fixed In: | |
Sentry Crash Report: |
Description
Yatsek
2014-10-27 13:05:14 UTC
Just to add more info. I am able to connect with Quassel with exactly same server/password combination. On Quassel I am getting: *** You are connected to your.server.com with TLSv1.2-AES256-GCM-SHA384-256bits On Konversation there is only error. I'm trying to prepare some repeatable testcase (maybe with irc server on VM) but have I very limited time availability. If somebody could point some directions then it would be great. And just to add info about severity of this issue - it can be expected that TLS will be the status quo of encryption (because of POODLE) and lack of TLS support actually completely voids Konversation as IRC tool for many of us - in case of my company - dev house with ~500 people. I believe this is because of the following: 1. Konversation uses KTcpSocket, which is a wrapper around QSslSocket. 2. QSslSocket lets you set which SSL or TLS versions you want to use while connecting. 3. For technical reasons KTcpSocket duplicates that API, and can get out of sync with QSslSocket. 4. KTcpSocket didn't use to have an equivalent to the "Use secure protocols" mode of QSslSocket, which enables reasonable defaults. 5. I actually added this to KTcpSocket, but because kdelibs wasn't released at the time the only secure variant left at the time was to set Konvi to use TLSv1. 6. This probably breaks on servers supporting only TLSv1.2. We can rely on newer kdelibs now and we're about to do a 1.5.1 release, so we can switch to #4 now. Git commit 718a37c810718ddc297174046961544bd889700f by Eike Hein. Committed on 03/11/2014 at 11:57. Pushed by hein into branch '1.5'. Switch to KTcpSocket::SecureProtocols. This bumps the kdelibs version requirement to v4.9.0. M +1 -1 CMakeLists.txt M +1 -1 src/irc/server.cpp http://commits.kde.org/konversation/718a37c810718ddc297174046961544bd889700f *** Bug 340857 has been marked as a duplicate of this bug. *** |