GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)

Nikos Mavrogiannopoulos nmav at
Sun Jun 27 18:03:35 CEST 2010

Dan Winship wrote:

>> A better solution is to attempt the NORMAL setting first, and if it
>> fails, also attempt to negotiate using SSL3+TLS1 only.  If that fails,
>> stop retrying.
> As someone else noted, PayPal's server is too broken for that. My plan
> was to try NORMAL first, and then fall back to SSL3-only; otherwise
> there are too many variables for different ways servers could be broken
> (maybe they support TLS 1.0 without extensions, but fail if you try to
> use the server name extension, etc).

At least for paypal using the %COMPAT flag does the job.


More information about the Gnutls-devel mailing list