http://bugzilla.novell.com/show_bug.cgi?id=526319
User llunak@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=526319#c11
Lubos Lunak changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |llunak@novell.com
AssignedTo|kde-maintainers@suse.de |gjhe@novell.com
--- Comment #11 from Lubos Lunak 2009-08-21 10:33:56 MDT ---
Fun fun. It looks like this is nowhere near trivial, and I'm pretty clueless
about these things. Yet I'm apparently at least lucky :).
I cannot reproduce this problem with Konqueror from KDE4.1.3, in any way. This
can be reproduced either on 11.2 (with either Konqueror or Arora) or on 11.1
after installing openssl-0.9.8k and installing Arora from
KDE:KDE4:Factory:Desktop (which will probably pull in other things from the
repo, at least Qt4 version 4.5.2, so if you do this on a production machine,
revert this afterwards, KDE4.1.3 doesn't work very well with this Qt version).
While searching for more info, I was also told:
=====
] the issue I'm thinking of is a server-side issue where if you send tls
extensiosn on ssl3, the server incorrectly calculates the checksum, so fails
the handshake
] the client-side workaround being not to send tls extension advertisements on
ssl3
] though, that server-side issue is only in old openssl versions
] IMO not a qt bug, or even an openssl client bug
] and most distros patch their openssl nowadays to not sent tls extensions on
ssl3
=====
So I checked the RedHat openssl package and the patch called
openssl-0.9.8g-no-extssl.patch looked to me reasonably close to what is
mentioned above. And our openssl package with this patch applied makes both
Konqueror and Arora on 11.2 work when accessing the affected sites.
I have no idea what the patch really does. As far as I understand it, the
Novell sites have broken HTTPS support and the patch makes openssl avoid
triggering the brokeness.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.