gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)

From: Simon Josefsson
Subject: Re: GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)
Date: Wed, 09 Jun 2010 14:52:21 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) 
Nikos Mavrogiannopoulos <address@hidden> writes:

> Andreas Metzler wrote:
>> Hello,
>> this is http://bugs.debian.org/576339
>> 
>> With GnuTLS versions 2.9.7 and later epiphany is unable to load https
>> sites. Reproducing this is very easy on Debian/unstable
>> (+experimental)
>> 
>> sudo apt-get install epiphany-browser
>> sudo apt-get install libgnutls26=2.9.11-1
>> epiphany-browser https://db.debian.org/
>> 
>> epiphany simply gets stuck, resending the same request again and
>> again. GnuTLS 2.9.6 and earlier (including 2.8.x) are fine.
>
> Hi,
>  The problem seems to be the support for TLS 1.2. It seems that epiphany
> sets a priority string of "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0". Thus the
> allowed versions are now TLS 1.2 and SSL 3.0. The servers do not support
> TLS 1.2 thus falling back to TLS 1.0 which is not supported. A quick fix
> would be to add !VERS-TLS1.2 to epiphany (I have no idea where it is).

Why aren't they simply using 'NORMAL'?  I think any deviation from
NORMAL need some good justification, and ultimately configured by the
user.  Not supporting TLS 1.0 seems quite bad...

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]