[Bug 634040] New: libsoup should not disable TLS
https://bugzilla.novell.com/show_bug.cgi?id=634040
https://bugzilla.novell.com/show_bug.cgi?id=634040#c0

Summary: libsoup should not disable TLS
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
AssignedTo: bnc-team-gnome@forge.provo.novell.com
ReportedBy: mrueckert@novell.com
QAContact: qa@suse.de
CC: security-team@suse.de
Found By: ---
Blocker: ---

the current submission to factory would leave us with a libsoup that would only allow SSLv3.

from the changes entry:
[[[
+ Disabled TLS 1.2 in addition to the already-disabled 1.1 and 1.0, thus making libsoup usable with gnutls 2.10. [bgo#622857]
]]]
https://bugzilla.gnome.org/show_bug.cgi?id=622857

the original bug that led to disabling tls 1.0/1.1 is:
https://bugzilla.gnome.org/show_bug.cgi?id=581342#c7

imho it was wrong that upstream tried to work around gnutls bugs in libsoup instead of escalating them.
https://bugzilla.novell.com/show_bug.cgi?id=634040#c1
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=634040#c2
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=634040#c3
Dan Winship
> the current submission to factory would leave us with a libsoup that would only allow SSLv3.
True, but you *already had* a libsoup that only allowed SSLv3. The fix you point out is to make SSL work *at all* with GNUTLS 2.10. (In other words, the options are:

    libsoup 2.31.2 + GNUTLS 2.8 = SSLv3 only
    libsoup 2.31.2 + GNUTLS 2.10 = no SSL/TLS at all
    libsoup 2.31.6 + GNUTLS 2.8 / 2.10 = SSLv3 only
)
> imho it was wrong that upstream tried to workaround gnutls bugs in libsoup instead of escalating them.
Um, irony.

Anyway, %SSL3_RECORD_VERSION doesn't fix the problem for all hosts. If you want to write a patch fixing the problem correctly as described at the end of https://bugzilla.gnome.org/show_bug.cgi?id=581342#c7, I'm happy to take it.

Or if you want to undo this entirely in openSUSE, you can revert soup-gnutls.c back to the state from before http://git.gnome.org/browse/libsoup/commit/?id=4d8e5c85894ade47189612fbafd04.... Maybe no one would notice; PayPal was the big (known) offender at the time of the original patch, and they've upgraded their servers since then to something written this millennium, so they don't need the hack any more.
https://bugzilla.novell.com/show_bug.cgi?id=634040#c4
--- Comment #4 from Marcus Rückert
https://bugzilla.novell.com/show_bug.cgi?id=634040#c5
--- Comment #5 from Dan Winship
https://bugzilla.novell.com/show_bug.cgi?id=634040#c6
--- Comment #6 from Marcus Rückert
https://bugzilla.novell.com/show_bug.cgi?id=634040#c7
--- Comment #7 from Dan Winship
https://bugzilla.novell.com/show_bug.cgi?id=634040#c8
--- Comment #8 from Marcus Rückert
https://bugzilla.novell.com/show_bug.cgi?id=634040#c9
--- Comment #9 from Marcus Rückert
https://bugzilla.novell.com/show_bug.cgi?id=634040#c10
--- Comment #10 from Dan Winship
https://bugzilla.novell.com/show_bug.cgi?id=634040#c11
--- Comment #11 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=634040#c12
--- Comment #12 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=634040#c13
Vincent Untz