On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <loistja...@mail.com> wrote:
> Is Pidgin vulnerable to the POODLE SSLv3 vulnerability? > > I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm > specifically interested in whether Pidgin is suseptible to a TLS/SSL > downgrade attack? > > Does Pidgin retry failed connections with lower SSL/TLS protocol versions? > > Does Pidgin support TLS_FALLBACK_SCSV? > The answer to all these questions depends on which SSL/TLS (gnutls or NSS) library you're using with pidgin and the configuration of that library (which will depend on your OS). Pidgin/libpurple itself has no direct interaction with the SSL/TLS handshake process. -D > Lois > > _______________________________________________ > Support@pidgin.im mailing list > Want to unsubscribe? Use this link: > https://pidgin.im/cgi-bin/mailman/listinfo/support >
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support