GNOME Bugzilla – Bug 641081
Fails to connect to a TLS-only site
Last modified: 2011-04-28 11:21:57 UTC
Epiphany (2.30.6-1, on Debian) fails to connect to a host that has been configured not to allow SSLv2/SSLv3 (Apache directive "SSLProtocol all -SSLv2 -SSLv3"). The server logs indicate that no TLS handshake was tried:

[Mon Jan 31 16:55:45 2011] [info] [client 134.2.244.86] Connection to child 16 established (server ssl-test.sugarlabs.org:443)
[Mon Jan 31 16:55:45 2011] [info] Seeding PRNG with 656 bytes of entropy
[Mon Jan 31 16:55:45 2011] [info] [client 134.2.244.86] SSL library error 1 in handshake (server ssl-test.sugarlabs.org:443)
[Mon Jan 31 16:55:45 2011] [info] SSL Library Error: 336109835 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
[Mon Jan 31 16:55:45 2011] [info] [client 134.2.244.86] Connection closed to child 16 with abortive shutdown (server ssl-test.sugarlabs.org:443)
Correct, libsoup currently only does SSLv3, because there are more servers that only support SSLv3 and can't support TLS at all than there are servers that only support TLS and refuse to support SSLv3. (And for technical reasons, it can't currently retry the other way around if the first attempt fails.)

*** This bug has been marked as a duplicate of bug 581342 ***
Note that, as said on #581342, TLS (which is already 11 years old) is the only IETF-standardized version. Disabling TLS to accommodate broken websites won't help them migrate to a sensible protocol.
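Added example, not part of the bug thread: a server operator who has disabled SSLv2/SSLv3 can count the clients that are being turned away for protocol version by decoding the packed OpenSSL error code that mod_ssl logs, as in the report above. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason) and attributes each "SSL Library Error" line to the client named on the preceding handshake-error line; the function names and the sample log (placeholder address and host) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in the report; the client
# address and server name are documentation placeholders.
SAMPLE_LOG = """\
[Mon Jan 31 16:55:45 2011] [info] [client 192.0.2.10] Connection to child 16 established (server example.test:443)
[Mon Jan 31 16:55:45 2011] [info] [client 192.0.2.10] SSL library error 1 in handshake (server example.test:443)
[Mon Jan 31 16:55:45 2011] [info] SSL Library Error: 336109835 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
[Mon Jan 31 16:55:45 2011] [info] [client 192.0.2.10] Connection closed to child 16 with abortive shutdown (server example.test:443)
"""

CLIENT_ERR = re.compile(r"\[client (?P<ip>[^\]]+)\] SSL library error \d+ in handshake")
LIB_ERR = re.compile(r"SSL Library Error: (?P<dec>\d+) error:(?P<hex>[0-9A-Fa-f]{8}):")

ERR_LIB_SSL = 20                  # OpenSSL library number for libssl (0x14)
SSL_R_WRONG_VERSION_NUMBER = 267  # reason code 0x10B


def decode_openssl_error(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def version_rejections(log_text):
    """Count handshakes per client that failed with 'wrong version number'."""
    hits = Counter()
    last_client = None  # assumption: the library error follows its client line
    for line in log_text.splitlines():
        m = CLIENT_ERR.search(line)
        if m:
            last_client = m.group("ip")
            continue
        m = LIB_ERR.search(line)
        if not m:
            continue
        code = int(m.group("dec"))
        if code != int(m.group("hex"), 16):
            continue  # decimal and hex forms disagree: skip the malformed line
        lib, _func, reason = decode_openssl_error(code)
        if lib == ERR_LIB_SSL and reason == SSL_R_WRONG_VERSION_NUMBER:
            hits[last_client or "unknown"] += 1
    return hits


if __name__ == "__main__":
    for client, count in version_rejections(SAMPLE_LOG).items():
        print(f"{client}: {count} handshake(s) rejected for protocol version")
```

On a busy server the two log lines can interleave across connections, so treat the per-client attribution as approximate.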