Title: [176253] releases/WebKitGTK/webkit-2.6/Source/WebKit2
- Revision
- 176253
- Author
- [email protected]
- Date
- 2014-11-18 03:49:56 -0800 (Tue, 18 Nov 2014)
Log Message
Merge r176252 - [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
https://bugs.webkit.org/show_bug.cgi?id=138794
Reviewed by Sergio Villar Senin.
It seems that following POODLE many sites incorrectly banned SSL 3.0
record packet versions. Since GnuTLS uses a SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION.
With this modifier, GnuTLS will use the latest TLS version record
in client hello instead of using the default SSL 3.0.
* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog (176252 => 176253)
--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog 2014-11-18 09:32:23 UTC (rev 176252)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog 2014-11-18 11:49:56 UTC (rev 176253)
@@ -1,3 +1,24 @@
+2014-11-18 Carlos Alberto Lopez Perez <[email protected]>
+
+ [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
+ https://bugs.webkit.org/show_bug.cgi?id=138794
+
+ Reviewed by Sergio Villar Senin.
+
+ It seems that following POODLE many sites incorrectly banned SSL 3.0
+ record packet versions. Since GnuTLS uses a SSL 3.0 record to
+ advertise TLS 1.2, they are effectively banning it even if it doesn't
+ advertise SSL 3.0. That is a server issue, but it can be worked around
+ by using the modifier %LATEST_RECORD_VERSION.
+
+ With this modifier, GnuTLS will use the latest TLS version record
+ in client hello instead of using the default SSL 3.0.
+
+ * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+ (main):
+ * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+ (main):
+
2014-11-15 Carlos Garcia Campos <[email protected]>
Network process crash when running http/tests/appcache/fallback.html
Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp (176252 => 176253)
--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2014-11-18 09:32:23 UTC (rev 176252)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2014-11-18 11:49:56 UTC (rev 176253)
@@ -39,7 +39,7 @@
// overwrite this priority string if it's already set by the user.
// Keep this in sync with WebProcessMain.cpp.
// https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
return NetworkProcessMainUnix(argc, argv);
}
Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp (176252 => 176253)
--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2014-11-18 09:32:23 UTC (rev 176252)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2014-11-18 11:49:56 UTC (rev 176253)
@@ -39,7 +39,7 @@
// overwrite this priority string if it's already set by the user.
// Keep this in sync with NetworkProcessMain.cpp.
// https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
return WebProcessMainUnix(argc, argv);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
