[webkit-gtk] SSL Handshake error
Carlos Alberto Lopez Perez
clopez at igalia.com
Mon Nov 17 09:09:13 PST 2014
On 13/11/14 03:18, Niranjan Rao wrote:
> Michael,
>
> Thank you for detailed explanation. Though I am not expert I suspected
> something on similar lines and hence raised the question about using
> webkit TLS functionality.
>
> I'll follow up with gnu tls lists.
>
The issue is that GnuTLS by default sends a SSL 3.0 version record in
client hello to advertise TLS (even when SSL 3.0 is disabled), and some
servers have banned this after POODLE [1].
I have submitted a patch [2] to work around this issue on the WebKit
side.
You can also workaround this issue by setting the environment variable
G_TLS_GNUTLS_PRIORITY before launching the WK browser:
$ export G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0'
$ epiphany https://www.pge.com/eum/login
Regards!
--------
[1] http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html
[2] https://bugs.webkit.org/show_bug.cgi?id=138794
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <https://lists.webkit.org/pipermail/webkit-gtk/attachments/20141117/afc59ace/attachment.sig>
More information about the webkit-gtk
mailing list