move TLS default parameters to Network.Xmpp.Types and add weaker AES-SHA1-based ciphers for compatibility with facebook

12 years ago · 0e2a750004
2 changed files with 11 additions and 7 deletions
--- a/source/Network/Xmpp/Tls.hs
+++ b/source/Network/Xmpp/Tls.hs
@ -19,6 +19,7 @@ import                 Data.IORef
				@@ -19,6 +19,7 @@ import                 Data.IORef
 import                 Data.XML.Types
 import                 Network.DNS.Resolver (ResolvConf)
 import                 Network.TLS
+import                 Network.TLS.Extra
 import                 Network.Xmpp.Stream
 import                 Network.Xmpp.Types
 import                 System.Log.Logger (debugM, errorM, infoM)
@ -111,9 +112,6 @@ client :: (MonadIO m, CPRG rng) => Params -> rng -> Backend -> m Context
				@@ -111,9 +112,6 @@ client :: (MonadIO m, CPRG rng) => Params -> rng -> Backend -> m Context
 client params gen backend  = do
    contextNew backend params gen

-xmppDefaultParams :: Params
-xmppDefaultParams = defaultParamsClient
-
 tlsinit :: (MonadIO m, MonadIO m1) =>
        TLSParams
     -> Backend
--- a/source/Network/Xmpp/Types.hs
+++ b/source/Network/Xmpp/Types.hs
@ -48,6 +48,7 @@ module Network.Xmpp.Types
				@@ -48,6 +48,7 @@ module Network.Xmpp.Types
    , StreamErrorInfo(..)
    , ConnectionDetails(..)
    , StreamConfiguration(..)
+    , xmppDefaultParams
    , Jid(..)
 #if WITH_TEMPLATE_HASKELL
    , jidQ
@ -1032,6 +1033,14 @@ data StreamConfiguration =
				@@ -1032,6 +1033,14 @@ data StreamConfiguration =
                        , tlsParams :: TLSParams
                        }

+-- | Default parameters for TLS. Those are the default client parameters from the tls package with the ciphers set to ciphersuite_strong
+xmppDefaultParams :: Params
+xmppDefaultParams = defaultParamsClient{ pCiphers = ciphersuite_strong
+                                                    ++ [ cipher_AES256_SHA1
+                                                       , cipher_AES128_SHA1
+                                                       ]
+                                       }
+
 instance Default StreamConfiguration where
    def = StreamConfiguration { preferredLang     = Nothing
                              , toJid             = Nothing
@ -1039,10 +1048,7 @@ instance Default StreamConfiguration where
				@@ -1039,10 +1048,7 @@ instance Default StreamConfiguration where
                              , resolvConf        = defaultResolvConf
                              , establishSession  = True
                              , tlsBehaviour      = PreferTls
-                              , tlsParams = defaultParamsClient { pConnectVersion = TLS10
-                                                                , pAllowedVersions = [TLS10, TLS11, TLS12]
-                                                                , pCiphers = ciphersuite_strong
-                                                                }
+                              , tlsParams         = xmppDefaultParams
                              }

 -- | How the client should behave in regards to TLS.