Title: [176252] trunk/Source/WebKit2
- Revision: 176252
- Author: [email protected]
- Date: 2014-11-18 01:32:23 -0800 (Tue, 18 Nov 2014)
Log Message
[SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
https://bugs.webkit.org/show_bug.cgi?id=138794
Reviewed by Sergio Villar Senin.
It seems that following POODLE many sites incorrectly banned SSL 3.0
record packet versions. Since GnuTLS uses a SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION.
With this modifier, GnuTLS will use the latest TLS version record
in client hello instead of using the default SSL 3.0.
* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):
Diff
Modified: trunk/Source/WebKit2/ChangeLog (176251 => 176252)
--- trunk/Source/WebKit2/ChangeLog 2014-11-18 04:50:31 UTC (rev 176251)
+++ trunk/Source/WebKit2/ChangeLog 2014-11-18 09:32:23 UTC (rev 176252)
@@ -1,3 +1,24 @@
+2014-11-18 Carlos Alberto Lopez Perez <[email protected]>
+
+ [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
+ https://bugs.webkit.org/show_bug.cgi?id=138794
+
+ Reviewed by Sergio Villar Senin.
+
+ It seems that following POODLE many sites incorrectly banned SSL 3.0
+ record packet versions. Since GnuTLS uses a SSL 3.0 record to
+ advertise TLS 1.2, they are effectively banning it even if it doesn't
+ advertise SSL 3.0. That is a server issue, but it can be worked around
+ by using the modifier %LATEST_RECORD_VERSION.
+
+ With this modifier, GnuTLS will use the latest TLS version record
+ in client hello instead of using the default SSL 3.0.
+
+ * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+ (main):
+ * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+ (main):
+
2014-11-17 Conrad Shultz <[email protected]>
Page previews should be loaded sooner
Modified: trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp (176251 => 176252)
--- trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2014-11-18 04:50:31 UTC (rev 176251)
+++ trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2014-11-18 09:32:23 UTC (rev 176252)
@@ -39,7 +39,7 @@
// overwrite this priority string if it's already set by the user.
// Keep this in sync with WebProcessMain.cpp.
// https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
return NetworkProcessMainUnix(argc, argv);
}
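Review bot: The comment block above the changed setenv() line still cites only the GNOME bug (738633) and says nothing about why %LATEST_RECORD_VERSION is now in the string. Since the log message describes this as a workaround for a server-side issue, add a line next to the call that names the modifier's purpose and links https://bugs.webkit.org/show_bug.cgi?id=138794, so a later reader knows it is a compatibility workaround and not part of the SSL 3.0 hardening that !VERS-SSL3.0 provides. It is also worth stating in that comment that, because the third argument is 0, a G_TLS_GNUTLS_PRIORITY value already present in the environment replaces the whole string, so neither the new modifier nor !VERS-SSL3.0 applies in that case.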
Modified: trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp (176251 => 176252)
--- trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2014-11-18 04:50:31 UTC (rev 176251)
+++ trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2014-11-18 09:32:23 UTC (rev 176252)
@@ -39,7 +39,7 @@
// overwrite this priority string if it's already set by the user.
// Keep this in sync with NetworkProcessMain.cpp.
// https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
return WebProcessMainUnix(argc, argv);
}
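Review bot: The priority string on the changed setenv() line is now a second identical literal that has to be edited by hand in both WebProcessMain.cpp and NetworkProcessMain.cpp, with only the "Keep this in sync" comments guarding against drift. Consider moving "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0" into a single shared constant or helper used by both entry points, so a future change to the TLS policy cannot land in one process and be missed in the other, leaving the web process and network process negotiating with different settings.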