❌ Software Removal | Frendica #2355
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2355
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
I propose the removal of Frendica.
Why I am making the suggestion
The Frendica website does not support AEAD Cipher.
This means that the website cannot be viewed securely.
https://friendi.ca/
My connection with the software
No connection
The website uses HTTPS, so it seems that it can be viewed securely.
Edit: I should have been more specific in my initial reply. Not supporting AEADs does not immediately make things insecure. AES-CBC + HMAC is a common combination that is secure when implemented correctly and still widely used. In fact, using HMAC can actually lead to better security than using AEADs like AES-GCM. The TLS version is what's important here, and the website is using TLS 1.2 in most cases, which is fine (please see my later reply).
I tried 6 server from https://dir.friendica.social/servers and ALL supported TLS 1.3.
TLS 1.3 spec:
https://www.ssllabs.com/ssltest/analyze.html?d=friendi.ca&s=217.197.80.132
It uses TLS 1.2 for me. It's really not great that it supports TLS 1.0 and 1.1 and doesn't support TLS 1.3, but TLS 1.2 is acceptable if configured properly and is still used by the majority of websites.
Why do you keep going off topic?
I have a problem with the lack of AES-GCM (or Chacha20) in the cipher list.
I don't see the TLS version as a problem.
https://www.ssllabs.com/ssltest/analyze.html?d=friendi.ca&s=217.197.80.132
The cipher list has to do with the TLS version.
TLS 1.0 / TLS 1.1: unsecure
TLS 1.2: secure/unsecure (AES-GCM/ChaCha20/... and legacy ciphers)
TLS 1.3: secure (only secure ciphers)
It's only their homepage. Login is done on other servers.
@cookiepanda1 did you contacted friendica?
@freddy-m I believe this issue can be closed.