[SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string

https://bugs.webkit.org/show_bug.cgi?id=172153 Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to use the latest TLS record version (the record format is separate from the TLS protocol version), which we needed a couple years ago (after dropping SSLv3) for maximum compatibility with broken web servers. But it's not needed anymore, and is causing new compatibility problems with other broken web servers, so let's get rid of it. Reviewed by Carlos Garcia Campos. * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp: (main): * WebProcess/EntryPoint/unix/WebProcessMain.cpp: (main): Canonical link: https://commits.webkit.org/189085@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216915 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · May 16, 2017 · 527e124 · 527e124
1 parent 09a87ba
commit 527e124
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
@@ -1,3 +1,22 @@
+2017-05-16  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string
+        https://bugs.webkit.org/show_bug.cgi?id=172153
+
+        Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we
+        should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to
+        use the latest TLS record version (the record format is separate from the TLS protocol
+        version), which we needed a couple years ago (after dropping SSLv3) for maximum
+        compatibility with broken web servers. But it's not needed anymore, and is causing new
+        compatibility problems with other broken web servers, so let's get rid of it.
+
+        Reviewed by Carlos Garcia Campos.
+
+        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+        (main):
+        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+        (main):
+
 2017-05-15  Andy Estes  <aestes@apple.com>
 
         Make the application PID available to WebCore

diff --git a/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp b/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
@@ -39,7 +39,7 @@ int main(int argc, char** argv)
     // overwrite this priority string if it's already set by the user.
     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
     // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
-    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
 
     return NetworkProcessMainUnix(argc, argv);
 }
diff --git a/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp b/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp
@@ -39,7 +39,7 @@ int main(int argc, char** argv)
     // overwrite this priority string if it's already set by the user.
     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
     // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
-    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
 
     return WebProcessMainUnix(argc, argv);
 }