On Thu, Nov 13, 2014 at 3:27 AM, Niranjan Rao <[email protected]> wrote: > Greetings, > I am getting ssl handshake error while visiting site > https://www.pge.com/eum/login and some other sites using Webkit GTK 2.2.6 on > Ubuntu 12.04. I am really not certain which version of TLS library is > getting used, but it appears that glib-networking version is 2.36.1. > I raised the question on webkit gtk list and nice person > [email protected] did some initial steps for debugging the issue and > directed me to this mailing list for support. Following mail contains his > analysis.
Hi, It seems that following poodle many sites incorrectly banned SSL 3.0 record packet versions. Since gnutls uses an SSL 3.0 record to advertise TLS 1.2, they are effectively banning it even if it doesn't advertise SSL 3.0. That is a server issue, but it can be worked around by using the modifier %LATEST_RECORD_VERSION, e.g., gnutls-cli www.pge.com --priority "NORMAL:%LATEST_RECORD_VERSION" should work. That seems like a good opportunity to make that the default. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
