mirror of
https://github.com/mumble-voip/mumble.git
synced 2025-10-26 11:19:16 +00:00
8bd3f76a8e
This change allows server admins to specify Diffie-Hellman
parameters for Murmur to use. This is done using the sslDHParams
option in the config file. Diffie-Hellman parameters can also be
set on a per-server basis using the sslDHParams option.
Note: the functionality implemented in this change requires the
QSslDiffieHellmanParameters class in Qt, which has not yet landed
upstream in the Qt 5 'dev' branch. This means that the functionality
discussed in this change will, for now, only work in binaries provided
by the Mumble project, or binaries that are built using our build
environments, and not binaries that link against any released versions
of Qt at present.
This change modifies the default TLS cipher suite string to add
EDH+aRSA+AESGCM, DHE-RSA-AES256-SHA and DHE-RSA-AES128-SHA.
This yields the following ciphers, in TLS/RFC notation:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
This change also allows Murmur servers to provide forward secrecy
to older clients, such as our own pre-built binaries before 1.2.9.
It also provides forward secrecy for users that use Mumble 1.2.x
versions on Linux distros, and other Unix-like systems. This is
because Mumble 1.2.x on Unix-like systems builds against Qt 4, which
limits the connection to TLS 1.0.
Before this change, Murmur was not able to negotiate an ephemeral
Diffie-Hellman key exchange for those clients. This is now possible.
|
||
|---|---|---|
| .. | ||
| development | ||
| server | ||
| gen-mumble_app-qt-def.py | ||
| generate-ApplicationPalette-class.py | ||
| generate-qrc.py | ||
| git2cl.pl | ||
| mkflags.pl | ||
| mkini-win32.bat | ||
| mkini.sh | ||
| mklic.pl | ||
| mkwrapper.pl | ||
| mumble-overlay | ||
| mumble.desktop | ||
| mumble.protocol | ||
| murmur-user-wrapper | ||
| murmur.conf | ||
| murmur.ini | ||
| murmur.init | ||
| murmur.logrotate | ||
| murmur.service | ||
| php.ini | ||
| qt.conf | ||
| release.pl | ||
| scripts.pro | ||
| transtate.py | ||
| ts2html.pl | ||
| updatetranslations.sh | ||