From 548a585b2c4af9b4c2a98faabb8855fcb260daf2 Mon Sep 17 00:00:00 2001
From: Sam Whited
Date: Wed, 14 Jan 2015 12:20:02 -0500
Subject: Harden the TLS connection cipher suites
---
 src/main/java/eu/siacs/conversations/Config.java | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
(limited to 'src/main/java/eu/siacs/conversations/Config.java')
diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index 6fe13d93..b269dedf 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -29,6 +29,32 @@ public final class Config {
 public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2;
 public static final int MAM_MAX_MESSAGES = 500;
 
+ public static final String ENABLED_CIPHERS[] = {
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_AES_128_SHA",
+ "TLS_ECDHE_RSA_AES_256_SHA",
+
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+
+ "TLS_DHE_RSA_WITH_CAMELLIA_256_SHA",
+
+ // Fallback.
+ "TLS_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_WITH_AES_128_GCM_SHA384",
+ "TLS_RSA_WITH_AES_256_GCM_SHA256",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_RSA_WITH_AES_128_CBC_SHA384",
+ "TLS_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_RSA_WITH_AES_256_CBC_SHA384"
+ };
+
 private Config() {
 
 }
-- cgit v1.2.3
From 6674a3d7572ad57c16033d5129c57a4ff0a56c35 Mon Sep 17 00:00:00 2001
From: iNPUTmice
Date: Mon, 2 Feb 2015 13:55:56 +0100
Subject: added more ciphers for old openssl versions
---
 src/main/java/eu/siacs/conversations/Config.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/main/java/eu/siacs/conversations/Config.java')
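Review bot: Several strings in `ENABLED_CIPHERS` are not registered TLS suite names and can never be negotiated: `TLS_ECDHE_RSA_AES_128_SHA`, `TLS_ECDHE_RSA_AES_256_SHA` and `TLS_DHE_RSA_WITH_CAMELLIA_256_SHA` are missing `WITH`/`CBC`, and the `AES_128_GCM_SHA384`, `AES_256_GCM_SHA256` and `TLS_RSA_..._CBC_SHA384` combinations do not exist. The code that consumes the array is outside this hunk; if it hands the list straight to `SSLSocket.setEnabledCipherSuites` the unknown names raise `IllegalArgumentException`, and if it filters against the supported set they are dropped silently. In the second case a peer without GCM has no forward-secret entry left and falls through to the static-RSA group under `// Fallback.`, which defeats the ordering. I would spell the CBC entries `"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"`, `"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"` and `"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"`, delete the mismatched GCM and `CBC_SHA384` entries, and add a unit test that checks every entry against a known-good list of suite names.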
diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index b269dedf..7a50c47f 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -52,7 +52,9 @@ public final class Config {
 "TLS_RSA_WITH_AES_128_CBC_SHA256",
 "TLS_RSA_WITH_AES_128_CBC_SHA384",
 "TLS_RSA_WITH_AES_256_CBC_SHA256",
- "TLS_RSA_WITH_AES_256_CBC_SHA384"
+ "TLS_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
 };
 
 private Config() {
-- cgit v1.2.3
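Review bot: The two entries added at the end of the array use static-RSA key exchange with CBC and a SHA-1 MAC, so a connection that lands on them has no forward secrecy, and nothing in the list records why they are there. Old OpenSSL builds of the kind the commit title targets usually also offer the DHE variants, so I would list `"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"` and `"TLS_DHE_RSA_WITH_AES_256_CBC_SHA"` ahead of the static-RSA group; that position, like the start of the array, is outside this hunk. A comment above the new lines such as `// Legacy servers (old OpenSSL) only: static RSA, CBC, SHA-1 MAC; no forward secrecy. Remove once unneeded.` would keep the exception from becoming permanent.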