[libsoup] More temporary SSL tweaking

From: Dan Winship <danw src gnome org>
To: svn-commits-list gnome org
Subject: [libsoup] More temporary SSL tweaking
Date: Wed, 3 Jun 2009 20:15:26 -0400 (EDT)

commit 777af4c8ec7b73d3c2376091401c00cb945cd6fc
Author: Dan Winship <danw gnome org>
Date:   Wed Jun 3 20:13:38 2009 -0400

    More temporary SSL tweaking
    
    Disable TLS 1.0 too, since some sites don't even support that (I'm
    looking at you, PayPal). Eventually we'll want to make this be more
    clever, and have it first try TLS 1.1 with extensions, and then fall
    back to SSL 3.0 if the server gets confused by the new stuff. But that
    will take some rewriting.
---
 libsoup/soup-gnutls.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
index 90acb5b..46b4188 100644
--- a/libsoup/soup-gnutls.c
+++ b/libsoup/soup-gnutls.c
@@ -447,7 +447,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
 		goto THROW_CREATE_ERROR;
 
 	/* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
-	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1", NULL) != 0)
+	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
 		goto THROW_CREATE_ERROR;
 
 	if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]