Summary: | [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello. | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Carlos Alberto Lopez Perez <clopez> | ||||
Component: | WebKitGTK | Assignee: | Carlos Alberto Lopez Perez <clopez> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | cgarcia, commit-queue, gustavo, mcatanzaro | ||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Carlos Alberto Lopez Perez
2014-11-17 05:56:04 PST
Created attachment 241705 [details]
Patch
Checked on https://cc.dcsec.uni-hannover.de/ Before this patch it says: Preferred SSL/TLS version: SSLv3 Version: 3.0 After the patch it says: Preferred SSL/TLS version: TLSv1.2 Version: 3.3 Also the test page https://www.pge.com/eum/login loads fine after this patch. We should do this, but going forward: is Nikos going to add %LATEST_RECORD_VERSION to %COMPAT? (In reply to comment #3) > We should do this, but going forward: is Nikos going to add > %LATEST_RECORD_VERSION to %COMPAT? In his reply he shows intention to change the default from %SSL3_RECORD_VERSION to %LATEST_RECORD_VERSION: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html > That seems like a good opportunity to make that the default. Comment on attachment 241705 [details]
Patch
Thanks for the patch!
Comment on attachment 241705 [details] Patch Clearing flags on attachment: 241705 Committed r176252: <http://trac.webkit.org/changeset/176252> All reviewed patches have been landed. Closing bug. |