Bug 172153

Summary:

[SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string

Product:

WebKit

Reporter:

Michael Catanzaro <mcatanzaro>

Component:

WebKitGTK

Assignee:

Michael Catanzaro <mcatanzaro>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply, bugzilla, cgarcia, commit-queue, mcatanzaro

Priority:

Version:

Other

Hardware:

OS:

Linux

See Also:

https://bugzilla.gnome.org/show_bug.cgi?id=782218

Attachments:

Description	Flags
Patch	none

Michael Catanzaro

Reported 2017-05-15 18:10:31 PDT

Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to use the latest TLS record version (the record format is separate from the TLS protocol version), which we needed a couple years ago (after dropping SSLv3) for maximum compatibility with broken web servers. But it's not needed anymore, and is causing new compatibility problems with other broken web servers, so let's get rid of it.

Attachments
Patch (3.00 KB, patch) 2017-05-15 18:16 PDT, Michael Catanzaro	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2017-05-15 18:16:33 PDT

Created attachment 310201 [details] Patch

WebKit Commit Bot

Comment 2 2017-05-16 00:44:44 PDT

Comment on attachment 310201 [details] Patch Clearing flags on attachment: 310201 Committed r216915: <http://trac.webkit.org/changeset/216915>

WebKit Commit Bot

Comment 3 2017-05-16 00:44:46 PDT

All reviewed patches have been landed. Closing bug.

Michael Catanzaro

Comment 4 2017-05-16 10:29:08 PDT

By the way, since this only fixes compatibility with extremely broken TLS servers, and since there is a significant risk of unexpected regressions with other broken servers, I would not recommend backporting this.

Note You need to log in before you can comment on or make changes to this bug.