-
Notifications
You must be signed in to change notification settings - Fork 6
Compatibility
Xeres uses the following features which were introduced in later versions of Retroshare:
-
The location id (ssl id) is computed by performing a SHA-256 of the location certificate's PGP signature. Retroshare used to simply take the last 20 bytes of it. This makes it impossible to connect with peers built before November 2017.
-
The PGP certificate signature uses RSA and SHA-256 instead of RSA and SHA-1. Connection with old peers should still be possible because the OpenPGP SDK supports it.
-
PGP certificates aren't hashed twice when signing them. This makes it impossible to connect with peers built before November 2017.
-
Older Retroshare (notably the 0.6.5 release) uses TLS_DHE_RSA to enable perfect forwarding secrecy (PFS). This is not supported by BoringSSL which focuses on TLS 1.3 (which has PFS as well) and that Xeres uses. Retroshare 0.6.6 or higher is fine.