GnuTLS versions 2.9.7 and later break libsoup (epiphany)

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jun 9 15:09:04 CEST 2010


On Wed, Jun 9, 2010 at 2:52 PM, Simon Josefsson <simon at josefsson.org> wrote:

>>  The problem seems to be the support for TLS 1.2. It seems that epiphany
>> sets a priority string of "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0". Thus the
>> allowed versions are now TLS 1.2 and SSL 3.0. The servers do not support
>> TLS 1.2 thus falling back to TLS 1.0 which is not supported. A quick fix
>> would be to add !VERS-TLS1.2 to epiphany (I have no idea where it is).
>
> Why aren't they simply using 'NORMAL'? I think any deviation from
> NORMAL needs some good justification and, ultimately, to be configured
> by the user.  Not supporting TLS 1.0 seems quite bad...

I only speculate here, but I think it is probably for interoperability
reasons. I've seen some servers rejecting client hellos containing TLS
1.1 and/or TLS 1.2. I don't think TLS 1.0 is a problem though.
Some time ago, I was thinking of disabling 1.1 and 1.2 if the %COMPAT flag
is specified, but never did it due to lack of complaints :)

regards,
Nikos
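
The failure described in this thread, as an added example that is not part of the original message or of GnuTLS: a simplified Python model of how "!VERS-" removals leave a hole in the client's version set. The version sets for NORMAL before and after 2.9.7 and the sample server are assumptions inferred from the thread.

```python
# Simplified model of TLS version negotiation with a GnuTLS-style priority
# string. Not GnuTLS code; only "!VERS-x" tokens are interpreted.
ORDER = ["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"]  # lowest to highest

NORMAL_NEW = {"SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"}  # 2.9.7+, per the thread
NORMAL_OLD = NORMAL_NEW - {"TLS1.2"}  # assumed: NORMAL before TLS 1.2 was added


def enabled_versions(priority, normal):
    """Apply the '!VERS-x' removals of a priority string to the NORMAL set."""
    enabled = set(normal)
    for token in priority.split(":"):
        if token.startswith("!VERS-"):
            enabled.discard(token[len("!VERS-"):])
    return enabled


def negotiate(priority, normal, server_versions):
    """Return the negotiated version, or None if the handshake fails."""
    client = enabled_versions(priority, normal)
    if not client:
        return None
    # The ClientHello carries a single number: the highest enabled version.
    offered = max(client, key=ORDER.index)
    # The server answers with its own highest version not above the offer.
    candidates = [v for v in server_versions
                  if ORDER.index(v) <= ORDER.index(offered)]
    if not candidates:
        return None
    chosen = max(candidates, key=ORDER.index)
    # The client rejects a ServerHello version that it has disabled.
    return chosen if chosen in client else None


SERVER = {"SSL3.0", "TLS1.0"}  # constructed: a server without TLS 1.1/1.2
EPIPHANY = "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0"  # priority string from the thread

if __name__ == "__main__":
    for label, prio, normal in [
        ("old NORMAL, epiphany string", EPIPHANY, NORMAL_OLD),
        ("new NORMAL, epiphany string", EPIPHANY, NORMAL_NEW),
        ("new NORMAL, with !VERS-TLS1.2", EPIPHANY + ":!VERS-TLS1.2", NORMAL_NEW),
        ("new NORMAL, plain NORMAL", "NORMAL", NORMAL_NEW),
    ]:
        print(f"{label}: {negotiate(prio, normal, SERVER)}")
```

With the quick fix the model connects again, but only at SSL 3.0, whereas plain NORMAL negotiates TLS 1.0 against the same server.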



