Bug 172153 - [SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: Other
Hardware: PC Linux
Importance: P2 Normal
Assignee: Michael Catanzaro
 
Reported: 2017-05-15 18:10 PDT by Michael Catanzaro
Modified: 2017-05-16 10:29 PDT


Attachments
Patch (3.00 KB, patch)
2017-05-15 18:16 PDT, Michael Catanzaro

Description Michael Catanzaro 2017-05-15 18:10:31 PDT
Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to use the latest TLS record version (the record format is separate from the TLS protocol version), which we needed a couple years ago (after dropping SSLv3) for maximum compatibility with broken web servers. But it's not needed anymore, and is causing new compatibility problems with other broken web servers, so let's get rid of it.
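The description above notes that the TLS record version is a separate field from the TLS protocol version. As an added illustration (not code from this bug, WebKit, or GnuTLS), this C snippet reads both fields from the first bytes of a ClientHello; the function names and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed ClientHello prefixes (not captured traffic): 5-byte record
 * header, 4-byte handshake header, then the 2-byte client_version. */
static const uint8_t sample_low_record[] = {
    22, 0x03, 0x01, 0x00, 0x2f,   /* handshake record, version 3.1, len 47 */
    1, 0x00, 0x00, 0x2b,          /* client_hello, body length 43 */
    0x03, 0x03 };                 /* client_version 3.3 (TLS 1.2) */
static const uint8_t sample_latest_record[] = {
    22, 0x03, 0x03, 0x00, 0x2f,   /* same hello, record version 3.3 */
    1, 0x00, 0x00, 0x2b,
    0x03, 0x03 };

/* Validate that buf starts a ClientHello record; 0 if ok, -1 otherwise.
 * Only the first 11 bytes are needed, so a truncated capture is accepted. */
static int check_hello_prefix(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 11) return -1;
    if (buf[0] != 22) return -1;                 /* ContentType handshake */
    if ((((size_t)buf[3] << 8) | buf[4]) < 6) return -1; /* record too short */
    if (buf[5] != 1) return -1;                  /* HandshakeType client_hello */
    return 0;
}

/* Version from the record header (the field LATEST_RECORD_VERSION affects). */
int record_version_of(const uint8_t *buf, size_t len)
{
    return check_hello_prefix(buf, len) ? -1 : (buf[1] << 8) | buf[2];
}

/* Protocol version the client offers inside the ClientHello body. */
int client_version_of(const uint8_t *buf, size_t len)
{
    return check_hello_prefix(buf, len) ? -1 : (buf[9] << 8) | buf[10];
}

int main(void)
{
    const uint8_t *s[] = { sample_low_record, sample_latest_record };
    size_t n[] = { sizeof sample_low_record, sizeof sample_latest_record };
    for (int i = 0; i < 2; i++)
        printf("record=0x%04x hello=0x%04x\n",
               (unsigned)record_version_of(s[i], n[i]),
               (unsigned)client_version_of(s[i], n[i]));
    return 0;
}
```

Both samples offer the same protocol version; only the record header differs, which is the field a strict or broken server may reject independently of the version being negotiated.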
Comment 1 Michael Catanzaro 2017-05-15 18:16:33 PDT
Created attachment 310201
Patch
Comment 2 WebKit Commit Bot 2017-05-16 00:44:44 PDT
Comment on attachment 310201
Patch

Clearing flags on attachment: 310201

Committed r216915: <http://trac.webkit.org/changeset/216915>
Comment 3 WebKit Commit Bot 2017-05-16 00:44:46 PDT
All reviewed patches have been landed.  Closing bug.
Comment 4 Michael Catanzaro 2017-05-16 10:29:08 PDT
By the way, since this only fixes compatibility with extremely broken TLS servers, and since there is a significant risk of unexpected regressions with other broken servers, I would not recommend backporting this.