Control: reassign -1 libwebkitgtk-1.0-0
Control: affects -1 + midori
Control: retitle -1 libwebkitgtk-1.0-0 gets bad results from https://www.howsmyssl.com/

On Tuesday, November 10 2015, I wrote:

> On Thursday, November 05 2015, 積丹尼 Dan Jacobson wrote:
>
>> "Bad" results from https://www.howsmyssl.com/ . Need to improve security.
>
> Thanks for the heads up. I am aware of this issue, and it is worth
> saying that this does not seem to be Midori's fault directly. SSL/TLS
> is handled by WebKit/libsoup, so it would be good to spend some time
> investigating this and reassigning the bug to the proper package.
>
> I have been running Midori compiled against GTK 3/libwebkitgtk2 and this
> issue does not happen there, which is a good thing because I intend to
> upgrade the official Midori package on Debian to use these components.
> Meanwhile, I'll try to see if I can track down what is responsible for
> these bad SSL/TLS configurations.

After investigating it a bit, I found that libwebkitgtk is responsible
for setting the G_TLS_GNUTLS_PRIORITY environment variable. For that
reason, I am reassigning this bug to it.

If you do:

  export G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128' ; midori

You don't see the failures anymore. That's the default value used on
libwebkit2gtk, whereas libwebkitgtk uses:

  NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0

I.e., without the !ARCFOUR-128 part.

I leave it to the libwebkitgtk maintainers to decide whether this
default should be changed or not. IMO, it should.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
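A way to check which of the two defaults quoted in the message above a given priority string corresponds to, as an added example that is not part of the original message or of WebKitGTK. The function names are hypothetical, and the sketch assumes that the base keyword enables ARCFOUR-128 and VERS-SSL3.0 (as in the builds this report concerns) and that later tokens override earlier ones.

```shell
#!/bin/sh
# Added example: audit a GnuTLS priority string for the two removals
# discussed in the report (!VERS-SSL3.0 and !ARCFOUR-128).

# priority_state PRIORITY ALGO -> prints "enabled" or "disabled".
# The body runs in a subshell so the IFS and globbing changes do not leak.
priority_state() (
    prio=$1
    algo=$2
    state=enabled        # assumption: the base keyword (NORMAL) enables ALGO
    IFS=:
    set -f               # tokens such as %COMPAT must not be glob-expanded
    for tok in $prio; do
        case $tok in
            "!$algo"|"-$algo") state=disabled ;;   # explicit removal
            "+$algo")          state=enabled ;;    # explicit re-add
        esac
    done
    printf '%s\n' "$state"
)

# audit_priority PRIORITY -> prints one line per algorithm and returns
# non-zero if RC4 (ARCFOUR-128) or SSL 3.0 is still enabled.
audit_priority() {
    rc=0
    for algo in ARCFOUR-128 VERS-SSL3.0; do
        st=$(priority_state "$1" "$algo")
        printf '%-12s %s\n' "$algo" "$st"
        [ "$st" = disabled ] || rc=1
    done
    return "$rc"
}

# Audit G_TLS_GNUTLS_PRIORITY from the current environment, if it is set.
if [ -n "${G_TLS_GNUTLS_PRIORITY:-}" ]; then
    audit_priority "$G_TLS_GNUTLS_PRIORITY" ||
        echo "priority string leaves RC4 or SSL 3.0 enabled" >&2
fi
```
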

