From: Michael Catanzaro
Date: Sat, 24 Aug 2013 23:56:02 +0000 (-0500)
Subject: help: caution users about using Ignore SSL Errors
X-Git-Url: https://git.0d.be/?p=empathy.git;a=commitdiff_plain;h=bfbed98da971b55fe4f09987c5dad6bd5e66ad1d
help: caution users about using Ignore SSL Errors
Trusting the server is no reason to ignore SSL errors. SSL is what you
use to make sure you're talking to the server you trust
https://bugzilla.gnome.org/show_bug.cgi?id=705326
---
diff --git a/help/C/account-jabber.page b/help/C/account-jabber.page
index 116d7d1b..0fbc2bad 100644
--- a/help/C/account-jabber.page
+++ b/help/C/account-jabber.page
@@ -10,6 +10,7 @@
-->
+
Shaun McCance
shaunm@gnome.org
@@ -50,10 +51,12 @@
required to prevent Empathy from communicating with
the Jabber server when encryption is not possible.
Some Jabber servers may encrypt data using invalid certificates,
- or using certificates from unknown authorities. If you trust the
- server you are connecting to, you can select Ignore SSL
- certificate errors to allow encrypted communication with
- invalid certificates.
+ or using certificates signed by unknown authorities. You can select
+ Ignore SSL certificate errors to allow encrypted communication
+ with invalid certificates, but this allows an attacker to intercept your
+ communication with the server (including your password). You might want to
+ use this option for testing purposes, or if your server is broken and you
+ do not care about the security of your communication.
-
Resource