[Webkit-unassigned] [Bug 137859] New: [GTK] Disable SSLv3
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Oct 18 17:36:35 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=137859
Bug ID: 137859
Summary: [GTK] Disable SSLv3
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Status: NEW
Severity: Major
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at gnome.org
We need to disable SSLv3 in order to fix the POODLE vulnerability.
Discussion on why the environment variable approach was chosen, and why it's not set in the GTK+ port instead of in shared soup code: https://bugzilla.gnome.org/show_bug.cgi?id=738633
Quick security test: https://www.ssllabs.com/ssltest/viewMyClient.html
GnuTLS security advisory: http://www.gnutls.org/security.html#GNUTLS-SA-2014-4
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141019/1b7355d2/attachment-0002.html>
More information about the webkit-unassigned
mailing list