[Webkit-unassigned] [Bug 137859] [GTK] Disable SSLv3
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Oct 18 23:53:14 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=137859
Carlos Garcia Campos <cgarcia at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #240078|review?, commit-queue? |review-, commit-queue-
Flags| |
--- Comment #3 from Carlos Garcia Campos <cgarcia at igalia.com> ---
Comment on attachment 240078
--> https://bugs.webkit.org/attachment.cgi?id=240078
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=240078&action=review
> Source/WebKit2/ChangeLog:10
> + * NetworkProcess/gtk/NetworkProcessMainGtk.cpp:
> + (WebKit::NetworkProcessMainUnix):
> + Set G_TLS_GNUTLS_PRIORITY if unset.
You should do the same in the web process, since the network process is only used in multi-webprocess model
> Source/WebKit2/NetworkProcess/gtk/NetworkProcessMainGtk.cpp:70
> + // Disable SSLv3 very early because it is practically impossible to safely
> + // use setenv() when multiple threads are running, as another thread calling
> + // getenv() could cause a crash, and many functions use getenv() internally.
> + // This workaround will stop working if glib-networking switches away from
> + // GnuTLS or simply stops parsing this variable. We intentionally do not
> + // overwrite this priority string if it's already set by the user.
> + // https://bugzilla.gnome.org/show_bug.cgi?id=738633
> + g_setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", FALSE);
You can do it even earlier in NetworkProcessMain.cpp and it will be disabled for EFL too.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141019/387944e6/attachment-0002.html>
More information about the webkit-unassigned
mailing list