Please convert to use the system's crypto policy for SSL and TLS: https://fedoraproject.org/wiki/Packaging:CryptoPolicies

If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority().

If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM".

In both cases please verify that the application uses the system's crypto policies.

If the package is already using the system-wide crypto policies, or it does not use SSL or TLS, no action is required, the bug can simply be closed.
As far as I can tell jabberd2 does not support specifying a cipher list anywhere in its configuration files. The cipher list is hardcoded.
Then it should be hard coded to our accepted cipher list. Please, see the link in the packaging guidelines above.
Created attachment 995521
suggested patch

(In reply to Nikos Mavrogiannopoulos from comment #2)
> Then it should be hard coded to our accepted cipher list. Please, see the
> link in the packaging guidelines above.

spec file has BuildRequires: openssl-devel and I found this code:

    // Set allowed ciphers
    if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!SSLv2:!EXP:!aNULL") != 1) {
        _sx_debug(ZONE, "Can't set cipher list for SSL context: %s", ERR_error_string(ERR_get_error(), NULL));
        SSL_CTX_free(ctx);
        return 1;
    }

so the attached patch should do The Right Thing™, right? Also, how old an OpenSSL supports this? Will this work on RHEL-6?
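Added example, not part of the original bug thread or of jabberd2: a small Python check a packager could run over C sources to find cipher-list and priority calls that do not use the system crypto policy strings named in the first comment. The sample input is constructed from the snippet quoted above; the second call with "PROFILE=SYSTEM" and the `prio_string` variable are hypothetical.

```python
import re

# Expected policy keyword per call, as given in the Fedora guideline quoted above.
EXPECTED = {
    "SSL_CTX_set_cipher_list": "PROFILE=SYSTEM",
    "SSL_set_cipher_list": "PROFILE=SYSTEM",
    "gnutls_priority_init": "@SYSTEM",
    "gnutls_priority_set_direct": "@SYSTEM",
}

# In all four calls the cipher/priority string is the second argument.
# Captures either a string literal or a bare identifier (variable or macro).
CALL = re.compile(
    r'\b(' + '|'.join(EXPECTED) + r')\s*\(\s*[^,()]+,\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|([A-Za-z_]\w*))'
)

def audit_source(text):
    """Return (line, function, argument, verdict) for each matching call."""
    findings = []
    for m in CALL.finditer(text):
        func, literal, ident = m.groups()
        line = text.count("\n", 0, m.start()) + 1
        if literal is None:
            # Value is not a literal: trace where it comes from by hand.
            findings.append((line, func, ident, "review"))
        elif literal == EXPECTED[func]:
            findings.append((line, func, literal, "system-policy"))
        else:
            findings.append((line, func, literal, "hardcoded"))
    return findings

# Constructed sample: the call quoted in the thread, a hypothetical patched
# call, and a hypothetical GnuTLS call that takes its string from a variable.
SAMPLE = '''\
// Set allowed ciphers
if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!SSLv2:!EXP:!aNULL") != 1) {
    return 1;
}
if (SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM") != 1) {
    return 1;
}
gnutls_priority_init(&cache, prio_string, NULL);
'''

if __name__ == "__main__":
    for finding in audit_source(SAMPLE):
        print("line %d: %s(%r) -> %s" % finding)
```

The regex is a source-level heuristic: calls whose first argument itself contains a comma or parentheses are not matched and still need a manual look.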
According to discussion on IRC, this is Fedora 21+ only.
jabberd-2.3.2-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/jabberd-2.3.2-4.fc22
Package jabberd-2.3.2-4.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.

Update it with:
# su -c 'yum update --enablerepo=updates-testing jabberd-2.3.2-4.fc22'
as soon as you are able to.

Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2761/jabberd-2.3.2-4.fc22
then log in and leave karma (feedback).
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
jabberd-2.3.2-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.