[webkit-gtk] SSL Handshake error

Carlos Alberto Lopez Perez clopez at igalia.com
Mon Nov 17 09:09:13 PST 2014


On 13/11/14 03:18, Niranjan Rao wrote:
> Michael,
> 
> Thank you for detailed explanation. Though I am not expert I suspected
> something on similar lines and hence raised the question about using
> webkit TLS functionality.
> 
> I'll follow up  with gnu tls lists.
> 

The issue is that GnuTLS by default sends a SSL 3.0 version record in
client hello to advertise TLS (even when SSL 3.0 is disabled), and some
servers have banned this after POODLE [1].

I have submitted a patch [2] to work around this issue on the WebKit
side.

You can also workaround this issue by setting the environment variable
G_TLS_GNUTLS_PRIORITY before launching the WK browser:

$ export G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0'
$ epiphany https://www.pge.com/eum/login


Regards!
--------
[1] http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html
[2] https://bugs.webkit.org/show_bug.cgi?id=138794

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <https://lists.webkit.org/pipermail/webkit-gtk/attachments/20141117/afc59ace/attachment.sig>


More information about the webkit-gtk mailing list