| Summary: | net-libs/gnutls-2.10.0 causes: www-client/midori-0.2.6 SSL handshake failed: A record packet with illegal version was received. | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Justin Lecher (RETIRED) <jlec> |
| Component: | Current packages | Assignee: | XFCE Team <xfce> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | normal | CC: | gentoo, uzytkownik2 |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | upstream bug: 886 | | |
| Package list: | Runtime testing required: | --- | |
| Attachments: | paludis --info for gnutls-2.10.0 | | |

Description
Justin Lecher (RETIRED)
2010-06-28 19:46:36 UTC
I get a similar problem. No error message is returned, but for any https page I try, the connection times out. I think this is a webkit problem, as the same thing happens to uzbl (but not elinks). It's a pretty new bug - they were both working not long ago (sorry for the lack of specificity). I expect it's due to the new webkit version which made it into stable recently, but the old versions were removed, so I can't test by downgrading.

To clarify, my above comment referred to webkit-gtk-1.1.15.4 (the latest stable). I just upgraded to webkit-gtk-1.2.1 to test, and I see the "SSL handshake failed: A record packet with illegal version was received" message. So while this error message only appears with the 1.2.1, I think the problem prompting it is occurring with 1.1.15.4 too.

This is likely the same as uzbl bug http://www.uzbl.org/bugs/index.php?do=details&task_id=237

Relevant package options:

    net-libs/gnutls-2.10.0 -bindist cxx -doc -examples -guile -lzo nls zlib
    net-libs/webkit-gtk-1.2.1 -coverage -debug -doc -gstreamer websockets -test
    net-libs/libsoup-2.30.2 -debug -doc -gnome -introspection ssl

Some light googling suggests this is a gnutls problem - I'll investigate further.

I can confirm that downgrading gnutls to 2.8.6 fixes the problem. However this version is vulnerable to MITMs - see bug 292025. While a MITM-vulnerable SSL implementation is bad, it is better than one which doesn't work at all.

So to recap, both webkit-gtk 1.2.1 and 1.1.15.4 are affected by this, the only difference being that webkit-gtk is explicit about the error received by GNUTLS.

Created attachment 236921
paludis --info for gnutls-2.10.0
For good measure, the full output of paludis --info gnutls, for the troublesome version (2.10.0).

Great research Nick. So now we have a cause for the issues with the webkit browsers. I don't see a gnutls bug report open yet. I wonder if it is something that upstream browsers need to fix or upstream gnutls.

Looks like the collateral damage from gnutls-2.10.0 is high. eg. bug 307343 & 325945 =/

Woop. The libsoup patch mentioned in bug 325945 fixes the problem perfectly (for uzbl too) - I'm posting this through https with Midori now :-)

*** Bug 326359 has been marked as a duplicate of this bug. ***

*** This bug has been marked as a duplicate of bug 307343 ***