Reported here: https://lists.webkit.org/pipermail/webkit-gtk/2014-November/002134.html and followed with the gnutls developers here: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html Some sites ( for example: https://www.pge.com/eum/login ) are banning SSL 3.0 record packet versions, and GnuTLS uses by default a a SSL 3.0 version record in client hello to advertise TLS (even when SSL 3.0 is disabled). Doc: http://gnutls.org/manual/html_node/Priority-Strings.html#tab_003aprio_002dspecial1
Created attachment 241705 [details] Patch
Checked on https://cc.dcsec.uni-hannover.de/ Before this patch it says: Preferred SSL/TLS version: SSLv3 Version: 3.0 After the patch it says: Preferred SSL/TLS version: TLSv1.2 Version: 3.3 Also the test page https://www.pge.com/eum/login loads fine after this patch.
We should do this, but going forward: is Nikos going to add %LATEST_RECORD_VERSION to %COMPAT?
(In reply to comment #3) > We should do this, but going forward: is Nikos going to add > %LATEST_RECORD_VERSION to %COMPAT? In his reply he shows intention to change the default from %SSL3_RECORD_VERSION to %LATEST_RECORD_VERSION: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html > That seems like a good opportunity to make that the default.
Comment on attachment 241705 [details] Patch Thanks for the patch!
Comment on attachment 241705 [details] Patch Clearing flags on attachment: 241705 Committed r176252: <http://trac.webkit.org/changeset/176252>
All reviewed patches have been landed. Closing bug.