Ticket #756 (new defect)

Opened 2 years ago

Last modified 2 years ago

Unsecure SSL connection

Reported by: anonymous Assigned to: timothy
Priority: highest Component: Chat Core (IRC)
Version: Latest 2.1 Severity: critical
Keywords: Cc:

Description (Last modified by rinoa)

I find SSL connection handling in Colloquy unsecure. Server's SSL certificate is not checked for validity and as such the connection could be compromised by man in the middle attack.

Colloquy should prompt the user about invalid certificate or at least there should be an option to turn such check on.

I find this critical as it prevents using Colloquy in certain security driven scenarios.

Change History

08/20/06 21:04:17 changed by rinoa

  • version changed from 2.0 (2D16) to Latest 2.1.
  • description changed.