Kim Alvefur <zash@zash.se> [Sun, 25 Aug 2019 20:22:35 +0200] rev 10228
core.certmanager: Move EECDH ciphers before EDH in default cipherstring
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
Kim Alvefur <zash@zash.se> [Fri, 23 Aug 2019 01:28:53 +0200] rev 10227
mod_storage_internal: Include last text message
A protocol built on this API now allows showing a list of unread
conversations with a counter, ordered by either oldest or newest
message, along with the text body itself.
Kim Alvefur <zash@zash.se> [Fri, 23 Aug 2019 01:15:44 +0200] rev 10226
mod_storage_*: Also include timestamp of first message in :summary API
For completeness along with most recent timestamp. Might be nice to be
able to order by oldest unread message.
Kim Alvefur <zash@zash.se> [Fri, 23 Aug 2019 01:10:27 +0200] rev 10225
mod_storage_*: Include timestamp of latest message in :summary API
Clients may want to show a list of conversations ordered by
timestamp of most recent message.
The counts allow a badge with unread message counter.
Kim Alvefur <zash@zash.se> [Fri, 23 Aug 2019 01:04:00 +0200] rev 10224
mod_storage_*: Tweak :summary API to allow future expansion with more fields
E.g. might want to include last message, timestamp, chat state or other info.
Kim Alvefur <zash@zash.se> [Thu, 22 Aug 2019 01:00:31 +0200] rev 10223
mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ)
Kim Alvefur <zash@zash.se> [Sun, 13 Jan 2019 14:02:56 +0100] rev 10222
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
This will currently require a hard reset of all passwords back to plain.
This will be least painful on new deployments.
Kim Alvefur <zash@zash.se> [Sun, 13 Jan 2019 14:02:29 +0100] rev 10221
util.sasl.scram: Add support for SCRAM-SHA-256
Kim Alvefur <zash@zash.se> [Sun, 13 Jan 2019 14:01:31 +0100] rev 10220
util.sasl.scram: Factor out SHA-1 specific getAuthenticationDatabaseSHA1
This makes the code more generic, allowing SHA-1 to be replaced
Kim Alvefur <zash@zash.se> [Thu, 22 Aug 2019 22:23:04 +0200] rev 10219
mod_vcard_legacy: Use PEP nickname if vcard4 data is unavailable
Last remaining nice feature from mod_profile.
Allows setting e.g. nickname and avatar as completely public while
restricting private details in vcard4 to only contacts.