On 13/11/14 03:18, Niranjan Rao wrote: > Michael, > > Thank you for detailed explanation. Though I am not expert I suspected > something on similar lines and hence raised the question about using > webkit TLS functionality. > > I'll follow up with gnu tls lists. >
The issue is that GnuTLS by default sends a SSL 3.0 version record in client hello to advertise TLS (even when SSL 3.0 is disabled), and some servers have banned this after POODLE [1]. I have submitted a patch [2] to work around this issue on the WebKit side. You can also workaround this issue by setting the environment variable G_TLS_GNUTLS_PRIORITY before launching the WK browser: $ export G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0' $ epiphany https://www.pge.com/eum/login Regards! -------- [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html [2] https://bugs.webkit.org/show_bug.cgi?id=138794
signature.asc
Description: OpenPGP digital signature
_______________________________________________ webkit-gtk mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-gtk
