GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)

Andreas Metzler ametzler at
Wed Jun 9 19:41:18 CEST 2010

On 2010-06-08 Nikos Mavrogiannopoulos <nmav at> wrote:
> Andreas Metzler wrote:
> > Hello,
> > this is
> > With GnuTLS versions 2.9.7 and later epiphany is unable to load https
> > sites. Reproducing this is very easy on Debian/unstable
> > (+experimental)

> > sudo apt-get install epiphany-browser
> > sudo apt-get install libgnutls26=2.9.11-1
> > epiphany-browser
> > epiphany simply gets stuck, resending the same request again and
> > again. GnuTLS 2.9.6 and earlier (including 2.8.x) are fine.

> Hi,
>  The problem seems to be the support for TLS 1.2. It seems that epiphany
> sets a priority string of "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0". Thus the
> allowed versions are now TLS 1.2 and SSL 3.0. The servers do not support
> TLS 1.2 thus falling back to TLS 1.0 which is not supported.

Shouldn't GnuTLS fall back to the supported protocol (SSL 3.0) in that
case instead of getting stuck?

> A quick fix
> would be to add !VERS-TLS1.2 to epiphany (I have no idea where it is).

The respective code seems to be in libsoup
and the explaining comment points to as reason. Apparently
epiphany experienced breakage with SSL 3.0 only servers

While changing the respective initialisation from

gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL)
gnutls_priority_set_direct (session, "NORMAL", NULL)

makes accessible again with GnuTLS 2.9.7,
it also breaks connecting to Not really a

cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list