[Webkit-unassigned] [Bug 158785] New: [SOUP] Stop setting G_TLS_GNUTLS_PRIORITY

Wed Jun 15 08:39:10 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=158785

            Bug ID: 158785
           Summary: [SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

It was needed as a crisis response to disable SSLv3, and later I used it to disable RC4. But if your GnuTLS still allows either of these by default, then you have much more serious problems than SSLv3 or RC4. We can't support outdated GnuTLS; this is a security-sensitive library that has to be kept always at the latest version.

This change brings us into compliance with Fedora crypto requirements, but it's appropriate for all distros. In the future, we will trust GnuTLS to handle TLS crisis response, and it's on distros if they don't update GnuTLS.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160615/139cc27d/attachment.html>