GNOME Bugzilla – Bug 730892
Polari should support SSL connections and authentication
Last modified: 2016-02-18 00:20:43 UTC
For my IRC usage, I use a Bip proxy to maintain a presence on IRC. I then have my IRC client connect to that proxy using a secure connection. I would like to use Polari but cannot since it doesn't currently support SSL connections or authentication.
*** Bug 740572 has been marked as a duplicate of this bug. ***
Created attachment 305586 [details] [review]
Connections: Attempt SSL connection when updating account
Polari now tries to establish an SSL connection with the server and falls back on non-SSL should the server not support it. (proof-of-concept patch.)
Some issues for discussion:
- At the moment we always try non-SSL, no matter what reason the initial SSL attempt failed with. If I try to connect to a non-SSL server like "dreamhack.se.quakenet.org", the DBus error (account.connection_error) is org.freedesktop.Telepathy.Error.NetworkError, though (Not org.freedesktop.Telepathy.Error.EncryptionNotAvailable, which telepathy-idle doesn't seem to emit hmm..)
- If we connect to irc.gnome.org with SSL, we get a dialog about untrusted connection. As described in https://wiki.gnome.org/Sysadmin/IRC, irc.gnome.org will redirect to some other server which is what is causing these dialogs. I don't know if we want to try to avoid getting these dialogs somehow.
- Right now the way we attempt to establish connection is by trying to fetch a roomlist. If there is a better way to attempt to establish connection than this, which can also throw errors if something is wrong, I'd love to know.
This approach sounds dangerous, as it is vulnerable to connection downgrade attacks: a man-in-the-middle could drop SSL handshake packets, which would then make Polari connect over an insecure (plain text) connection.
(In reply to Elad Alfassa from comment #3)
> this approach sounds dangerous, as it is vulnerable to connection downgrade
> attacks, a man-in-the-middle could drop SSL handshake packets, which would
> then make Polari connect over insecure (plain text) connection.
+1 If the connection is configured to use SSL then it should not ever fall back to non-SSL on failure: it should just fail.
A safer way to implement this would be having a "Use secured connection" checkbox. I know it kinda sucks for UX, but all other choices compromise user safety.
If you want to make sure users are extra safe, you could try using SSL / TLS even if the said checkbox is unchecked, and if you succeed keep it stored somewhere, then for the next connection automatically connect securely as if the user has selected "use secured connection" (without falling back to insecure connection).
Also, it would be very useful to support the STARTTLS extension for IRC for opportunistic encryption: http://ircv3.net/specs/extensions/tls-3.1.html
(In reply to Elad Alfassa from comment #3)
> this approach sounds dangerous, as it is vulnerable to connection downgrade
> attacks, a man-in-the-middle could drop SSL handshake packets, which would
> then make Polari connect over insecure (plain text) connection.
Note that the idea here is to *only* do this on account creation, not every time we connect. For existing accounts, the behavior should be as in comment #4 (and if you absolutely need a checkbox, there's one on online accounts ...)
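
The always-fall-back behaviour of the first patch, next to the "remember that TLS worked and never fall back afterwards" behaviour suggested in the comments above, as an added example that is not part of this bug thread or of Polari's code. The function names, the policy labels and the network model are assumptions, and the host and attacker behaviour are constructed.

```javascript
// Added example; all names are hypothetical, not Polari or Telepathy API.
// tryConnect(host, useTls) returns true on success, false on failure.
function connect(account, tryConnect, policy) {
  if (policy === 'always-fallback') {
    // First patch: any TLS failure silently retries in plain text.
    if (tryConnect(account.host, true)) return 'tls';
    return tryConnect(account.host, false) ? 'plaintext' : 'failed';
  }
  // policy === 'remember'
  if (account.tls === true) {
    // TLS is configured or was seen working before: fail, never downgrade.
    return tryConnect(account.host, true) ? 'tls' : 'failed';
  }
  // Nothing stored yet: probe TLS and pin it on success.
  if (tryConnect(account.host, true)) {
    account.tls = true;
    return 'tls';
  }
  return tryConnect(account.host, false) ? 'plaintext' : 'failed';
}

// Constructed network model: the server speaks TLS and plain text; an
// on-path attacker may drop TLS handshakes, which looks like a plain failure.
function makeNetwork(attackerDropsTls) {
  return (host, useTls) => (useTls ? !attackerDropsTls : true);
}

// Connect once on a clean network, then once with the attacker present.
function scenario(policy) {
  const account = { host: 'irc.example.org', tls: undefined };
  const first = connect(account, makeNetwork(false), policy);
  const second = connect(account, makeNetwork(true), policy);
  return { first, second, pinned: account.tls === true };
}

// The attacker is already present when the account is created.
function hostileFirstUse(policy) {
  const account = { host: 'irc.example.org', tls: undefined };
  return connect(account, makeNetwork(true), policy);
}

for (const p of ['always-fallback', 'remember'])
  console.log(p, scenario(p), 'first use under attack:', hostileFirstUse(p));
```

With the remembered setting, the second connection fails instead of going out in plain text. A probe made while the attacker is already present still ends up in plain text, so the remembered setting only protects connections made after a first successful TLS handshake.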
(In reply to Bastian Ilsø from comment #2)
> - If we connect to irc.gnome.org with SSL, we get a dialog about untrusted
> connection. As described in https://wiki.gnome.org/Sysadmin/IRC,
> irc.gnome.org will redirect to some other server which is what is causing
> these dialogs. I don't know if we want to try to avoid getting these dialogs
> somehow.
You need to not try to connect to irc.gnome.org, but instead connect to irc.eagle.y.se, irc.acc.umu.se, irc.gimp.ca, or irc.poop.nl, since those servers send certificates that are valid only for their own domains and not for irc.gnome.org. I think that's silly, since it means the list of servers is hard to change as they're hardcoded into clients, but that's how it is.
To be clear: it is wrong to attempt a TLS connection to irc.gnome.org.
I say TLS because I hope telepathy doesn't use SSL anymore (though I have no confidence this is the case), so user-visible labels should say TLS instead of SSL.
Created attachment 320878 [details] [review]
connections: Expose setting to connect through TLS
So here's the current idea of supporting this - for connections we know about, we can do auto-magic (see bug 761859), for custom connections, we do expose the setting to the user.
Created attachment 321368 [details] [review]
connections: Expose setting to connect through TLS
Rebased to master.
Attachment 321368 [details] pushed as b766dcb - connections: Expose setting to connect through TLS