[SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
authorclopez@igalia.com <clopez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Nov 2014 09:32:23 +0000 (09:32 +0000)
committerclopez@igalia.com <clopez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Nov 2014 09:32:23 +0000 (09:32 +0000)
commitf1ddbebb7e1fdc8b5266433f069ddcff50bec548
tree000a34a86817737c2fcea5a4e519ec54ed14c598
parent4b8973784df7e62068775a116db285ffc3d7ccae
[SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
https://bugs.webkit.org/show_bug.cgi?id=138794

Reviewed by Sergio Villar Senin.

It seems that following POODLE many sites incorrectly banned SSL 3.0
record packet versions. Since GnuTLS uses a SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION.

With this modifier, GnuTLS will use the latest TLS version record
in client hello instead of using the default SSL 3.0.

* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@176252 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp