Merge r176252 - [SOUP] [GnuTLS] Don't use a SSL3.0 record version in …

…client hello.

https://bugs.webkit.org/show_bug.cgi?id=138794

Reviewed by Sergio Villar Senin.

It seems that following POODLE many sites incorrectly banned SSL 3.0
record packet versions. Since GnuTLS uses a SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION.

With this modifier, GnuTLS will use the latest TLS version record
in client hello instead of using the default SSL 3.0.

* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):

Canonical link: https://commits.webkit.org/154760.216@webkitgtk/2.6
git-svn-id: https://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.6@176253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog

@@ -1,3 +1,24 @@
+2014-11-18  Carlos Alberto Lopez Perez  <clopez@igalia.com>
+
+        [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
+        https://bugs.webkit.org/show_bug.cgi?id=138794
+
+        Reviewed by Sergio Villar Senin.
+
+        It seems that following POODLE many sites incorrectly banned SSL 3.0
+        record packet versions. Since GnuTLS uses a SSL 3.0 record to
+        advertise TLS 1.2, they are effectively banning it even if it doesn't
+        advertise SSL 3.0. That is a server issue, but it can be worked around
+        by using the modifier %LATEST_RECORD_VERSION.
+
+        With this modifier, GnuTLS will use the latest TLS version record
+        in client hello instead of using the default SSL 3.0.
+
+        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+        (main):
+        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+        (main):
+
 2014-11-15  Carlos Garcia Campos  <cgarcia@igalia.com>
 
         Network process crash when running http/tests/appcache/fallback.html

Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp

@@ -39,7 +39,7 @@ int main(int argc, char** argv)
     // overwrite this priority string if it's already set by the user.
     // Keep this in sync with WebProcessMain.cpp.
     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
-    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
 
     return NetworkProcessMainUnix(argc, argv);
 }

Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp

@@ -39,7 +39,7 @@ int main(int argc, char** argv)
     // overwrite this priority string if it's already set by the user.
     // Keep this in sync with NetworkProcessMain.cpp.
     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
-    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
 
     return WebProcessMainUnix(argc, argv);
 }