From 0e2a750004579d7c32b1841bbc0ae6cbeef82f62 Mon Sep 17 00:00:00 2001
From: Philipp Balzarek
Date: Fri, 6 Dec 2013 14:19:49 +0100
Subject: [PATCH] move TLS default parameters to Network.Xmpp.Types and add weaker AES-SHA1-based ciphers for compatibility with facebook
---
 source/Network/Xmpp/Tls.hs | 4 +---
 source/Network/Xmpp/Types.hs | 14 ++++++++++----
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/source/Network/Xmpp/Tls.hs b/source/Network/Xmpp/Tls.hs
index 6d40f0a..f7668fd 100644
--- a/source/Network/Xmpp/Tls.hs
+++ b/source/Network/Xmpp/Tls.hs
@@ -19,6 +19,7 @@ import Data.IORef
 import Data.XML.Types
 import Network.DNS.Resolver (ResolvConf)
 import Network.TLS
+import Network.TLS.Extra
 import Network.Xmpp.Stream
 import Network.Xmpp.Types
 import System.Log.Logger (debugM, errorM, infoM)
@@ -111,9 +112,6 @@ client :: (MonadIO m, CPRG rng) => Params -> rng -> Backend -> m Context
 client params gen backend = do
 contextNew backend params gen
 
-xmppDefaultParams :: Params
-xmppDefaultParams = defaultParamsClient
-
 tlsinit :: (MonadIO m, MonadIO m1) =>
 TLSParams
 -> Backend
diff --git a/source/Network/Xmpp/Types.hs b/source/Network/Xmpp/Types.hs
index 6b00f3c..a9352d3 100644
--- a/source/Network/Xmpp/Types.hs
+++ b/source/Network/Xmpp/Types.hs
@@ -48,6 +48,7 @@ module Network.Xmpp.Types
 , StreamErrorInfo(..)
 , ConnectionDetails(..)
 , StreamConfiguration(..)
+ , xmppDefaultParams
 , Jid(..)
 #if WITH_TEMPLATE_HASKELL
 , jidQ
@@ -1032,6 +1033,14 @@ data StreamConfiguration =
 , tlsParams :: TLSParams
 }
 
+-- | Default parameters for TLS. Those are the default client parameters from the tls package with the ciphers set to ciphersuite_strong
+xmppDefaultParams :: Params
+xmppDefaultParams = defaultParamsClient{ pCiphers = ciphersuite_strong
+ ++ [ cipher_AES256_SHA1
+ , cipher_AES128_SHA1
+ ]
+ }
+
 instance Default StreamConfiguration where
 def = StreamConfiguration { preferredLang = Nothing
 , toJid = Nothing
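Review bot: The Haddock comment on the new `xmppDefaultParams` in Types.hs says the ciphers are set to `ciphersuite_strong`, but the definition appends `cipher_AES256_SHA1` and `cipher_AES128_SHA1`, so the documented default is stricter than the actual one. Because this value becomes the library-wide default, every client now offers the SHA1-based suites, not only those connecting to the one server that needs them. The comment should state that, e.g. `-- | Default TLS client parameters: ciphersuite_strong, followed by AES256-SHA1 and AES128-SHA1 as lower-preference fallbacks for servers that offer nothing stronger.` It would also help to mention that callers who want the strict list must override `pCiphers` in `tlsParams`.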
@@ -1039,10 +1048,7 @@ instance Default StreamConfiguration where
 , resolvConf = defaultResolvConf
 , establishSession = True
 , tlsBehaviour = PreferTls
- , tlsParams = defaultParamsClient { pConnectVersion = TLS10
- , pAllowedVersions = [TLS10, TLS11, TLS12]
- , pCiphers = ciphersuite_strong
- }
+ , tlsParams = xmppDefaultParams
 }
 
 -- | How the client should behave in regards to TLS.
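Review bot: Replacing the record in `def` drops the explicit `pConnectVersion = TLS10` and `pAllowedVersions = [TLS10, TLS11, TLS12]`, and the new `xmppDefaultParams` does not set them. The protocol versions a default client accepts therefore now come from whatever `defaultParamsClient` in the tls package provides. If that is intended it deserves a sentence in the commit message; otherwise keep the pin by adding `, pConnectVersion = TLS10` and `, pAllowedVersions = [TLS10, TLS11, TLS12]` next to `pCiphers` in `xmppDefaultParams`. Pinning the allowed versions in this package keeps a change in library defaults from silently widening what the client negotiates.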