[Webkit-unassigned] [Bug 138794] New: [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 17 05:56:04 PST 2014


            Bug ID: 138794
           Summary: [SOUP] [GnuTLS] Don't use a SSL3.0 record version in
                    client hello.
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: clopez at igalia.com
                CC: mcatanzaro at gnome.org

Reported here: https://lists.webkit.org/pipermail/webkit-gtk/2014-November/002134.html and followed with the gnutls developers here: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html

Some sites ( for example: https://www.pge.com/eum/login ) are banning SSL 3.0 record packet versions, and GnuTLS uses by default a a SSL 3.0 version record in client hello to advertise TLS (even when SSL 3.0 is disabled). Doc: http://gnutls.org/manual/html_node/Priority-Strings.html#tab_003aprio_002dspecial1

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141117/26455d4a/attachment-0002.html>

More information about the webkit-unassigned mailing list