From 9dde96443be648f58ebd9b0516f97abb402588ac Mon Sep 17 00:00:00 2001
From: "commit-queue@webkit.org"
Date: Thu, 5 Mar 2015 09:27:21 +0000
Subject: [PATCH 1/1] [SOUP] Disable RC4 https://bugs.webkit.org/show_bug.cgi?id=140014 Patch by Michael Catanzaro on 2015-03-05 Reviewed by Carlos Garcia Campos. Disallow RC4-based ciphersuites when performing TLS negotiation, because it is no longer considered secure. * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp: (main): * WebProcess/EntryPoint/unix/WebProcessMain.cpp: (main):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@181073 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WebKit2/ChangeLog | 15 +++++++++++++++
 .../EntryPoint/unix/NetworkProcessMain.cpp | 4 ++--
 .../WebProcess/EntryPoint/unix/WebProcessMain.cpp | 4 ++--
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 7abb9bdf7540..1f27e248f210 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,18 @@
+2015-03-05 Michael Catanzaro
+
+ [SOUP] Disable RC4
+ https://bugs.webkit.org/show_bug.cgi?id=140014
+
+ Reviewed by Carlos Garcia Campos.
+
+ Disallow RC4-based ciphersuites when performing TLS negotiation,
+ because it is no longer considered secure.
+
+ * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+ (main):
+ * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+ (main):
+
 2015-03-04 Yusuke Suzuki
 Hide Promise with runtime flags under Cocoa JSContext API
diff --git a/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp b/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
index 1acd133c7d18..b282e16a3781 100644
--- a/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
+++ b/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
@@ -37,9 +37,9 @@ int main(int argc, char** argv)
 // This workaround will stop working if glib-networking switches away from
 // GnuTLS or simply stops parsing this variable. We intentionally do not
 // overwrite this priority string if it's already set by the user.
- // Keep this in sync with WebProcessMain.cpp.
 // https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
+ // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
 return NetworkProcessMainUnix(argc, argv);
 }
diff --git a/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp b/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp
index 87b45b3c5c0d..5f45d01af78a 100644
--- a/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp
+++ b/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp
@@ -37,9 +37,9 @@ int main(int argc, char** argv)
 // This workaround will stop working if glib-networking switches away from
 // GnuTLS or simply stops parsing this variable. We intentionally do not
 // overwrite this priority string if it's already set by the user.
- // Keep this in sync with NetworkProcessMain.cpp.
 // https://bugzilla.gnome.org/show_bug.cgi?id=738633
- setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
+ // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
+ setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
 return WebProcessMainUnix(argc, argv);
 }
--
2.36.0
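Review bot: The GnuTLS priority string passed to `setenv` in NetworkProcessMain.cpp is a second hand-maintained copy of the literal in WebProcessMain.cpp (the later hunk in this patch), and the only safeguard against the two drifting apart is the `KEPT IN SYNC` comment. If one copy is tightened and the other is missed, the two processes would presumably negotiate TLS under different policies, one of them still accepting a protocol or cipher the other has excluded. Consider defining the string once in a header that both entry points include and passing that constant to `setenv` in each `main`; no shared header is visible in this patch, so the location is for the authors to choose. `main` begins above the hunk.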
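Review bot: The comment added in the WebProcessMain.cpp hunk names its own file: `// WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.` appears to have been copied unchanged from the NetworkProcessMain.cpp hunk, whereas the line it replaces correctly pointed at NetworkProcessMain.cpp. It should read `// WARNING: This needs to be KEPT IN SYNC with NetworkProcessMain.cpp.` so that whoever next edits the priority string here is sent to the other copy rather than back to this one. `main` begins above the hunk.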