Logs for jdev@conference.jabber.org
[00:09:15] * Flow left the chat.
[00:09:22] * Flow joined the chat.
[00:11:15] * naw left the chat.
[00:24:54] * Flow left the chat.
[00:37:54] * Lance left the chat.
[01:12:54] * KevWalke left the chat.
[01:16:06] * Maranda joined the chat.
[01:53:10] * stpeter joined the chat.
[01:53:11] * stpeter left the chat.
[02:05:19] * waqas left the chat.
[02:18:58] * jcea left the chat.
[02:24:28] * Lance joined the chat.
[02:43:13] * Maranda left the chat.
[02:43:38] * Lance left the chat.
[02:46:27] * Lance joined the chat.
[02:47:47] * stpeter joined the chat.
[02:49:28] * stpeter left the chat.
[02:50:46] * waqas joined the chat.
[02:56:26] * Philonous left the chat.
[02:56:55] * Philonous joined the chat.
[03:15:36] * stpeter joined the chat.
[03:15:36] * stpeter left the chat.
[03:22:32] * Lance left the chat.
[03:25:20] * MattJ left the chat.
[03:25:23] * MattJ joined the chat.
[03:49:26] * Tobias joined the chat.
[03:50:27] * tato left the chat.
[03:53:42] * Tobias left the chat.
[04:03:07] * deryni joined the chat.
[04:20:30] * deryni left the chat.
[04:21:11] * deryni joined the chat.
[04:32:02] * tato joined the chat.
[04:38:48] * Philonous left the chat.
[04:38:49] * Philonous joined the chat.
[05:20:53] * bear left the chat.
[05:21:50] * bear joined the chat.
[05:25:06] * edwinm joined the chat.
[06:21:50] * ermine joined the chat.
[06:42:32] * edwinm left the chat.
[07:41:38] * edwinm joined the chat.
[07:47:46] * Kev left the chat.
[07:49:28] * KevWalke joined the chat.
[08:14:02] * Alex joined the chat.
[08:16:42] * edwinm left the chat.
[08:27:34] * Lloyd joined the chat.
[08:29:42] * 0xAFFE joined the chat.
[08:46:20] * Flow joined the chat.
[09:06:58] * timothee.jaussoin joined the chat.
[09:07:01] * timothee.jaussoin left the chat.
[09:27:59] * bear left the chat.
[09:47:01] * KevWalke left the chat.
[09:52:53] * Tobias left the chat.
[10:12:24] * Flow left the chat.
[10:20:57] * Tobias joined the chat.
[10:56:45] * Flow joined the chat.
[11:09:30] * Kev joined the chat.
[11:13:49] <> Hey!
[11:13:59] <> I came across this quote: https://twitter.com/lvh/status/410341081876668416
[11:14:10] <> "Public service ann.: TLSv1_METHOD probably doesn't mean what you think it means. You want SSLv23_METHOD with OP_NO_SSLv2
| OP_NO_SSLv3."
[11:16:14] <> Now, I was wondering if and how that applies to XMPP. With SSLv23_METHOD, you have a SSLv2 hello, and then select which protocol
versions you don't want to support.
[11:17:07] <> Why do you want the SSLv2 hello?
[11:17:08] <> However, with TLSv1_METHOD, you send a TLSv1 hello, and support only TLSv1 (and not higher)
[11:18:15] <> There's no way (in OpenSSL) that allows you to say you want TLSv1 *and* higher without using SSLv23_METHOD and thus SSL hellos.
[11:18:22] <> (If I understand correctly)
[11:18:31] <> That's correct.
[11:18:40] <> xnyhps: so is this a problem?
[11:18:56] <> xnyhps: what do you recommend here?
[11:19:04] <> If you set SSLv23, but OP_NO_SSLv2, you won't do a SSLv2 compatible handshake.
[11:19:28] <> Sorry, I mean, that's almost correct. :)
[11:19:32] <> xnyhps: so you agree with the "service announcement"?
[11:19:42] <> Yes.
[11:20:01] <> I wonder how many implementations do this correctly then.
[11:20:18] <> It's a pretty confusing situation, I've seen Mercurial do it wrong at some point.
[11:20:46] <> ralphm: Well, "Correctly". Neither is technically wrong, from my reading of the above.
[11:22:34] <> Mercurial enabled "SSLv3_METHOD", assuming it would enable SSLv3 and above. But that did actually disable TLS 1.0 and above.
[11:22:48] <> right
[11:23:21] <> Kev: I am wondering which implementations use TLSv1_METHOD and will not be able to interact with TLS > 1.0 entities
[11:23:40] <> I was also reminded of this: http://twistedmatrix.com/trac/ticket/3463
[11:24:12] <> Kev: and also, if they do use SSLv23_METHOD, do they disable SSLv2 and SSLv3?
[11:24:26] * tato left the chat.
[11:24:40] <> Well, disabling v3 and v2 are somewhat different.
[11:25:04] <> In Twisted, again, the default implementation, that is used by Wokkel, only uses OP_NO_SSLv2
[11:25:06] <> v2 needs to be disabled. v3 is still in fairly widespread use, and isn't significantly worse than TLS1, as I understand it.
[11:25:26] <> Kev: sure, I am looking at this with xnyhps prose in mind.
[11:25:41] <> So SSLv23_METHOD + OP_NO_SSLv2 is probably reasonable.
[11:25:49] <> Speaking from my position of ignorance :)
[11:25:57] <> If we would want to upgrade to TLSv1.1 and beyond, this may be an issue?
[11:26:11] <> (using TLSv1_METHOD, that is)
[11:28:00] <> I suspect you'll just have to treat the SSLv23_METHOD identifier as an opaque string, and not think about the meaning behind
it. This seems more like an API naming bug in OpenSSL than anything.
[11:28:51] * Maranda joined the chat.
[11:28:55] <> waqas: I'm not talking about the name.
[11:29:06] <> (that indeed was a sad choice)
[11:29:57] <> waqas: I'm talking about if there are implementations that do TLSv1_METHOD, and if so, can we detect this. Because I suspect
this will be an issue *later*.
[11:31:53] <> Detecting it externally would be imperfect. Such an implementation would only support TLS1.0, and nothing else. But you'll
get that in e.g., Ubuntu (Ubuntu was the one where TLS1.1 and 1.2 were not compiled in by default?) when the admin disables
SSLv2 and v3.
[11:32:19] <> I suspect from outside both these cases would look the same.
[11:32:28] <> (only in the client)
[11:33:01] <> waqas: so this was really my questions. Do the hellos differ if you use TLSv1_METHOD or SSLv23_METHOD with <1.0 disabled.
[11:33:17] <> (giventhat TLS > 1.0 are not compiled in)
[11:33:57] <> I'm guessing that they don't differ, but that's a wild guess without any evidence, so ignore me :)
[11:34:23] <> xnyhps: Tell us!
[11:34:48] <> I also note this ticket by Simon: https://github.com/node-xmpp/node-xmpp/issues/192
[11:35:13] <> I think the hellos are the same.
[11:36:01] <> In fact, I think I even saw that the TLSv1_METHOD hello and the SSLv23_METHOD with only SSLv2 disabled had the same hello.
[11:36:25] <> xnyhps: ok.
[11:37:04] <> well, given that Twisted ticket above, about issues connecting to GTalk, I *suspect* that most client implementations do SSLv23_METHOD
anyway.
[11:37:30] <> (there's a similar one for Gajim: https://trac.gajim.org/ticket/3786)
[11:38:58] <> xmpp.net has 29 servers where only TLS 1.0 is supported.
[11:40:04] <> xnyhps: but that's the receiving side, yes?
[11:40:11] <> Yes.
[11:43:41] <> Hmm, I think Twisted actually uses TLSv1_METHOD anyway.
[12:19:37] * jabberjocke joined the chat.
[12:24:19] * jabberjocke left the chat.
[12:30:43] * jabberjocke joined the chat.
[12:42:02] * aaa joined the chat.
[12:42:37] * aaa left the chat.
[12:44:27] * jcea joined the chat.
[13:13:21] * stpeter joined the chat.
[13:13:23] * stpeter left the chat.
[13:13:23] * stpeter joined the chat.
[13:24:29] * waqas left the chat.
[13:32:40] * stpeter left the chat.
[13:32:40] * stpeter joined the chat.
[13:37:31] * stpeter left the chat.
[13:40:41] * edwinm joined the chat.
[13:52:21] * naw joined the chat.
[14:04:50] * jabberjocke left the chat.
[14:11:48] * scippio left the chat.
[14:12:00] * waqas joined the chat.
[14:13:57] * scippio joined the chat.
[14:14:04] * deryni left the chat.
[14:14:26] * deryni joined the chat.
[14:15:08] * edwinm left the chat.
[14:15:09] * edwinm joined the chat.
[14:25:40] * ralphm joined the chat.
[14:38:28] * naw left the chat.
[14:38:34] * Maranda left the chat.
[14:41:22] * Maranda joined the chat.
[14:54:07] * Maranda left the chat.
[14:56:10] * Maranda joined the chat.
[14:56:19] * Maranda left the chat.
[14:56:28] * Maranda joined the chat.
[14:58:37] * edwinm left the chat.
[14:58:38] * edwinm joined the chat.
[15:01:07] * timothee.jaussoin joined the chat.
[15:26:48] * edwinm left the chat.
[15:26:50] * edwinm joined the chat.
[15:29:55] * Maranda left the chat.
[15:30:00] * Maranda joined the chat.
[15:31:01] * Maranda left the chat.
[16:08:38] * stpeter joined the chat.
[16:09:40] * stpeter left the chat.
[16:09:40] * stpeter joined the chat.
[16:16:04] * timothee.jaussoin left the chat.
[16:20:58] * Lance joined the chat.
[16:31:25] * Alex left the chat.
[16:36:34] * stpeter left the chat.
[16:38:10] * Maranda joined the chat.
[16:39:28] * waqas left the chat.
[16:39:32] <> it seems there're a lot of servers out there which just accept dialback but don't advertise its support...
[16:39:54] <> /me found a few versions of ejabberd doing that and also MU Conference.
[16:46:08] * stpeter joined the chat.
[16:48:34] * bear joined the chat.
[16:55:27] * aRyo joined the chat.
[16:58:25] * waqas joined the chat.
[17:02:30] * waqas left the chat.
[17:02:30] * waqas joined the chat.
[17:02:34] * aRyo left the chat.
[17:03:48] * waqas left the chat.
[17:03:50] * waqas joined the chat.
[17:04:50] * Flow left the chat.
[17:04:57] * Flow joined the chat.
[17:08:48] * waqas left the chat.
[17:08:49] * waqas joined the chat.
[17:13:27] * Lloyd left the chat.
[17:13:49] * waqas left the chat.
[17:13:50] * waqas joined the chat.
[17:17:15] * waqas left the chat.
[17:17:16] * waqas joined the chat.
[17:20:03] * waqas left the chat.
[17:20:04] * waqas joined the chat.
[17:20:46] * waqas left the chat.
[17:21:40] * Flow left the chat.
[17:27:47] * waqas joined the chat.
[17:33:44] * edwinm left the chat.
[17:38:23] * 0xAFFE left the chat.
[17:49:00] * Tobias left the chat.
[17:49:36] * Kev left the chat.
[17:56:12] * Alex joined the chat.
[18:26:28] * Maranda left the chat.
[18:26:32] * Maranda joined the chat.
[18:34:13] * stpeter left the chat.
[18:43:35] * Tobias joined the chat.
[18:44:33] * edwinm joined the chat.
[18:54:55] * ermine left the chat.
[18:55:19] * edwinm left the chat.
[19:02:06] <> oh, nice. missing info in MUC schema
[19:19:16] * naw joined the chat.
[19:24:17] * tato joined the chat.
[19:28:02] * stpeter joined the chat.
[19:28:05] * stpeter left the chat.
[19:28:05] * stpeter joined the chat.
[19:31:38] * MattJ_ left the chat.
[19:33:44] * stpeter left the chat.
[19:35:55] * jcea left the chat.
[19:39:29] * Flow joined the chat.
[19:41:36] * Maranda left the chat.
[19:51:15] * deryni left the chat.
[19:52:10] * deryni joined the chat.
[20:15:47] * Tobias left the chat.
[20:20:09] * Tobias joined the chat.
[20:32:51] * waqas left the chat.
[20:40:59] * tato left the chat.
[20:43:35] * stpeter joined the chat.
[20:43:37] * stpeter left the chat.
[21:07:57] * Asterix joined the chat.
[21:13:17] * uls_ joined the chat.
[21:25:26] * uls_ left the chat.
[21:25:49] * uls_ joined the chat.
[21:29:30] * tato joined the chat.
[21:29:30] * tato left the chat.
[21:30:08] * tato joined the chat.
[21:30:20] * tato left the chat.
[21:30:38] * tato joined the chat.
[21:30:44] * tato left the chat.
[21:31:17] * tato joined the chat.
[21:31:19] * tato left the chat.
[21:33:46] * Kev joined the chat.
[21:39:06] * Lance left the chat.
[21:43:09] * uls_ left the chat.
[21:47:55] * uls_ joined the chat.
[21:59:15] * Asterix left the chat.
[21:59:56] * Tobias left the chat.
[22:02:38] * uls_ left the chat.
[22:04:12] * waqas joined the chat.
[22:05:24] * uls_ joined the chat.
[22:08:23] * Kev left the chat.
[22:09:36] * Alex left the chat.
[22:11:07] * tato joined the chat.
[22:12:16] * scippio left the chat.
[22:14:31] * scippio joined the chat.
[22:16:32] * Lance joined the chat.
[22:26:59] * Tobias joined the chat.
[22:28:29] * stpeter joined the chat.
[22:30:04] * stpeter left the chat.
[22:30:04] * stpeter joined the chat.
[22:37:12] * stpeter left the chat.
[22:46:03] * naw left the chat.
[23:02:37] * tato left the chat.
[23:07:20] * tato joined the chat.
[23:07:25] * tato left the chat.
[23:10:35] * waqas left the chat.
[23:14:57] * tato joined the chat.
[23:15:13] * tato left the chat.
[23:15:59] * Florob joined the chat.
[23:17:39] * tato joined the chat.
[23:27:34] * stpeter joined the chat.
[23:48:57] * waqas joined the chat.
[23:58:16] * KevWalke joined the chat.