Changeset 216915 in webkit


Ignore:
Timestamp:
May 16, 2017 12:44:41 AM (7 years ago)
Author:
Michael Catanzaro
Message:

[SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string
https://bugs.webkit.org/show_bug.cgi?id=172153

Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we
should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to
use the latest TLS record version (the record format is separate from the TLS protocol
version), which we needed a couple years ago (after dropping SSLv3) for maximum
compatibility with broken web servers. But it's not needed anymore, and is causing new
compatibility problems with other broken web servers, so let's get rid of it.

Reviewed by Carlos Garcia Campos.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

Location:
trunk/Source/WebKit2
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit2/ChangeLog

    r216903 r216915  
     12017-05-16  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        [SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string
     4        https://bugs.webkit.org/show_bug.cgi?id=172153
     5
     6        Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we
     7        should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to
     8        use the latest TLS record version (the record format is separate from the TLS protocol
     9        version), which we needed a couple years ago (after dropping SSLv3) for maximum
     10        compatibility with broken web servers. But it's not needed anymore, and is causing new
     11        compatibility problems with other broken web servers, so let's get rid of it.
     12
     13        Reviewed by Carlos Garcia Campos.
     14
     15        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
     16        (main):
     17        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
     18        (main):
     19
    1202017-05-15  Andy Estes  <aestes@apple.com>
    221

  • trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp

    r181073 r216915  
    4040    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    4141    // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
    42     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
    4343
    4444    return NetworkProcessMainUnix(argc, argv);

  • trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp

    r181073 r216915  
    4040    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    4141    // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
    42     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
    4343
    4444    return WebProcessMainUnix(argc, argv);
Note: See TracChangeset for help on using the changeset viewer.