<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Stop setting G_TLS_GNUTLS_PRIORITY"
href="https://bugs.webkit.org/show_bug.cgi?id=158785">158785</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mcatanzaro@igalia.com
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>It was needed as a crisis response to disable SSLv3, and later I used it to disable RC4. But if your GnuTLS still allows either of these by default, then you have much more serious problems than SSLv3 or RC4. We can't support outdated GnuTLS; this is a security-sensitive library that has to be kept always at the latest version.
This change brings us into compliance with Fedora crypto requirements, but it's appropriate for all distros. In the future, we will trust GnuTLS to handle TLS crisis response, and it's on distros if they don't update GnuTLS.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>