[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)
From: |
Andreas Metzler |
Subject: |
Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany) |
Date: |
Wed, 9 Jun 2010 19:41:18 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On 2010-06-08 Nikos Mavrogiannopoulos <address@hidden> wrote:
> Andreas Metzler wrote:
> > Hello,
> > this is http://bugs.debian.org/576339
>
> > With GnuTLS versions 2.9.7 and later epiphany is unable to load https
> > sites. Reproducing this is very easy on Debian/unstable
> > (+experimental)
> > sudo apt-get install epiphany-browser
> > sudo apt-get install libgnutls26=2.9.11-1
> > epiphany-browser https://db.debian.org/
> > epiphany simply gets stuck, resending the same request again and
> > again. GnuTLS 2.9.6 and earlier (including 2.8.x) are fine.
> Hi,
> The problem seems to be the support for TLS 1.2. It seems that epiphany
> sets a priority string of "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0". Thus the
> allowed versions are now TLS 1.2 and SSL 3.0. The servers do not support
> TLS 1.2 thus falling back to TLS 1.0 which is not supported.
Shouldn't GnuTLS fall back to the supported protocol (SSL 3.0) in that
case instead of getting stuck?
> A quick fix
> would be to add !VERS-TLS1.2 to epiphany (I have no idea where it is).
The respective code seems to be in libsoup
libsoup2.4-2.30.1/libsoup/soup-gnutls.c
and the explaining comment points to
http://bugzilla.gnome.org/show_bug.cgi?id=581342 as reason. Apparently
epiphany experienced breakage with SSL 3.0 only servers
(www.paypal.com).
While changing the respective initialisation from
gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL)
to
gnutls_priority_set_direct (session, "NORMAL", NULL)
makes https://db.debian.org/ accessible again with GnuTLS 2.9.7,
it also breaks connecting to https://www.paypal.com/. Not really a
solution.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
- GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Andreas Metzler, 2010/06/08
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/08
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Simon Josefsson, 2010/06/09
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany),
Andreas Metzler <=
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Simon Josefsson, 2010/06/10
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/10
- Re: Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Dan Winship, 2010/06/27
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/27
- Re: Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Andreas Metzler, 2010/06/27