Ticket #756 (new Defect)

Opened 4 years ago

Last modified 3 years ago

Unsecure SSL connection

Reported by: anonymous Owned by: timothy
Priority: Highest Milestone:
Component: Chat Core (IRC) Version: 2.1 (Mac)
Severity: Critical Keywords:
Cc:

Description (last modified by rinoa) (diff)

I find SSL connection handling in Colloquy unsecure. Server's SSL certificate is not checked for validity and as such the connection could be compromised by man in the middle attack.

Colloquy should prompt the user about invalid certificate or at least there should be an option to turn such check on.

I find this critical as it prevents using Colloquy in certain security driven scenarios.

Change History

Changed 4 years ago by rinoa

  • version changed from 2.0 (2D16) to Latest 2.1
  • description modified (diff)
Note: See TracTickets for help on using tickets.