#980 new enhancement

SSL: certificate pinning

Reported by: ilf@…
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: devel
Keywords: ssl
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro:

Description

Currently, SSL certificates are verified via domain name and X.509 Certificate Authorities. I'd like to bypass both via certificate pinning.

I propose an account setting "tls_fingerprint", taking the SHA1 of a certificate.

That way, I can manually enter one specific fingerprint for this account, not having to trust the CA-cartel. And I can verify it against an IP, not needing DNS.

I also propose to use "trust on first use" for all new accounts, showing the fingerprint and saying "is this really the fingerprint you want to trust" like OpenSSH.
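
The check proposed in the description above, as an added example that is not part of the ticket or of BitlBee's code. Only the setting name `tls_fingerprint` comes from the ticket; `check_pin`, `normalize_pin`, the account dict and the `confirm` callback are hypothetical names, and accepting SHA-256 pins as well goes beyond the SHA1 proposal.

```python
import hashlib
import hmac

# Digest chosen from the pin's length: 40 hex chars = SHA-1 (as the ticket
# proposes), 64 = SHA-256. Supporting SHA-256 is an addition of this example.
_DIGESTS = {40: hashlib.sha1, 64: hashlib.sha256}


def normalize_pin(text):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    hexstr = text.replace(":", "").replace(" ", "").strip().lower()
    if len(hexstr) not in _DIGESTS or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("not a SHA-1 or SHA-256 fingerprint: %r" % text)
    return hexstr


def fingerprint(der_cert, algo=hashlib.sha1):
    """Fingerprint = digest over the DER encoding of the leaf certificate."""
    return algo(der_cert).hexdigest()


def check_pin(account, der_cert, confirm=None):
    """Return 'match', 'pinned' (first use accepted) or 'reject'.

    account: dict standing in for per-account settings; the key
    'tls_fingerprint' is the setting name proposed in the ticket.
    confirm: callback shown the fingerprint on first use; returns bool.
    """
    pin = account.get("tls_fingerprint")
    if pin is None:
        # Trust on first use: nothing is pinned, so ask before storing.
        seen = fingerprint(der_cert)
        if confirm is not None and confirm(seen):
            account["tls_fingerprint"] = seen
            return "pinned"
        return "reject"
    pin = normalize_pin(pin)
    seen = fingerprint(der_cert, _DIGESTS[len(pin)])
    # A mismatch is never auto-repinned; the user must clear the pin by hand.
    return "match" if hmac.compare_digest(pin, seen) else "reject"


# Constructed stand-ins for DER certificates (any bytes hash the same way).
CERT_A = b"constructed-der-bytes-server-certificate-A"
CERT_B = b"constructed-der-bytes-substituted-certificate-B"
```

In a Python client the `der_cert` bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`, which returns the server's certificate even when CA and hostname verification are switched off.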

Change History (5)

comment:1 Changed at 2014-02-11T11:07:43Z by ilf@…

After all the NSA revelations, I wanted to open a ticket for this, and realized I had already done it a year before the Snowden leaks started. Maybe someone(TM) will want to have another look at this?

Other developments in the meantime: http://tack.io/ https://tools.ietf.org/html/draft-perrin-tls-tack-02

comment:2 Changed at 2014-07-07T09:18:37Z by dx

Priority: normal → pony

uhhh, patches welcome.

comment:3 Changed at 2015-04-01T03:24:24Z by dx

FWIW, you get this when using libpurple, and I'd love to have this at some point without it, but I looked at how libpurple does it and it's a huge chunk of complicated SSL library code. I'll give it a look some day.

comment:4 Changed at 2015-11-26T19:25:23Z by dx

Priority: pony → normal

I'm going to need to do this at some point as part of bigger certificate validation related changes, so bumping priority back up.

I think it doesn't need to be as complicated as what libpurple does, but still would require annoying changes to the ssl api. I hate API stuff. I'll try to figure out a way to avoid them.

comment:5 Changed at 2016-03-09T22:47:11Z by ilf

Another bump for this. People have just discovered Tor-Exit-Nodes actively attacking XMPP-Connections with Man-In-The-Middle TLS-Attacks, exactly what pinning prevents: https://tech.immerda.ch/2016/03/xmpp-man-in-the-middle-via-tor/
