[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany) |
Date: |
Wed, 09 Jun 2010 20:11:36 +0200 |
User-agent: |
Thunderbird 2.0.0.24 (X11/20100411) |
Andreas Metzler wrote:
>> Hi,
>> The problem seems to be the support for TLS 1.2. It seems that epiphany
>> sets a priority string of "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0". Thus the
>> allowed versions are now TLS 1.2 and SSL 3.0. The servers do not support
>> TLS 1.2 thus falling back to TLS 1.0 which is not supported.
>
> Shouldn't GnuTLS fall back to the supported protocol (SSL 3.0) in that
> case instead of getting stuck?
It cannot. The server decides the fallback.
>> A quick fix
>> would be to add !VERS-TLS1.2 to epiphany (I have no idea where it is).
>
> The respective code seems to be in libsoup
> libsoup2.4-2.30.1/libsoup/soup-gnutls.c
> and the explaining comment points to
> http://bugzilla.gnome.org/show_bug.cgi?id=581342 as reason. Apparently
> epiphany experienced breakage with SSL 3.0 only servers
> (www.paypal.com).
>
> While changing the respective initialisation from
>
> gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL)
> to
> gnutls_priority_set_direct (session, "NORMAL", NULL)
Then the solution should be:
NORMAL:!VERS-TLS1.1:!VERS-TLS1.2:!VERS-TLS1.0
regards,
Nikos
- GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Andreas Metzler, 2010/06/08
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/08
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Simon Josefsson, 2010/06/09
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Andreas Metzler, 2010/06/09
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Simon Josefsson, 2010/06/10
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/10
- Re: Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Dan Winship, 2010/06/27
- Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Nikos Mavrogiannopoulos, 2010/06/27
- Re: Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany), Andreas Metzler, 2010/06/27