http://bugzilla.novell.com/show_bug.cgi?id=526319 User llunak@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=526319#c11 Lubos Lunak <llunak@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |llunak@novell.com AssignedTo|kde-maintainers@suse.de |gjhe@novell.com --- Comment #11 from Lubos Lunak <llunak@novell.com> 2009-08-21 10:33:56 MDT --- Fun fun. It looks like this is nowhere near trivial, and I'm pretty clueless about these things. Yet I'm apparently at least lucky :). I cannot reproduce this problem with Konqueror from KDE4.1.3, in any way. This can be reproduced either on 11.2 (with either Konqueror or Arora) or on 11.1 after installing openssl-0.9.8k and installing Arora from KDE:KDE4:Factory:Desktop (which will probably pull in other things from the repo, at least Qt4 version 4.5.2, so if you do this on a production machine, revert this afterwards, KDE4.1.3 doesn't work very well with this Qt version). While searching for more info, I was also told: ===== ] the issue I'm thinking of is a server-side issue where if you send tls extensiosn on ssl3, the server incorrectly calculates the checksum, so fails the handshake ] the client-side workaround being not to send tls extension advertisements on ssl3 ] though, that server-side issue is only in old openssl versions ] IMO not a qt bug, or even an openssl client bug ] and most distros patch their openssl nowadays to not sent tls extensions on ssl3 ===== So I checked the RedHat openssl package and the patch called openssl-0.9.8g-no-extssl.patch looked to me reasonably close to what is mentioned above. And our openssl package with this patch applied makes both Konqueror and Arora on 11.2 work when accessing the affected sites. I have no idea what the patch really does. As far as I understand it, the Novell sites have broken HTTPS support and the patch makes openssl avoid triggering the brokeness. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.