Thank you Nikos,
Unfortunately, I don't much about tls. If I want to use this in webkit,
any idea what do I need to do?
Regards,
Niranjan
On 11/13/2014 12:08 AM, Nikos Mavrogiannopoulos wrote:
On Thu, Nov 13, 2014 at 3:27 AM, Niranjan Rao <[email protected]> wrote:
Greetings,
I am getting ssl handshake error while visiting site
https://www.pge.com/eum/login and some other sites using Webkit GTK 2.2.6 on
Ubuntu 12.04. I am really not certain which version of TLS library is
getting used, but it appears that glib-networking version is 2.36.1.
I raised the question on webkit gtk list and nice person
[email protected] did some initial steps for debugging the issue and
directed me to this mailing list for support. Following mail contains his
analysis.
Hi,
It seems that following poodle many sites incorrectly banned SSL 3.0
record packet versions. Since gnutls uses an SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION, e.g.,
gnutls-cli www.pge.com --priority "NORMAL:%LATEST_RECORD_VERSION"
should work.
That seems like a good opportunity to make that the default.
regards,
Nikos
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
