Since recent updates midori doesn't like ssl anymore. Opening https://bugs.gentoo.org/show_bug.cgi?id=326051 results in Error - https://bugs.gentoo.org/show_bug.cgi?id=324987 The page 'https://bugs.gentoo.org/show_bug.cgi?id=324987' couldn't be loaded. SSL handshake failed: A record packet with illegal version was received. net-libs/webkit-gtk-1.2.1 www-client/midori-0.2.6 gnome idn libnotify nls sqlite unique -doc -html dev-libs/openssl-0.9.8o gmp sse2 zlib -bindist -kerberos -test
I get a similar problem. No error message is returned, but for any https page I try, the connection times out. I think this is a webkit problem, as the same thing happens to uzbl (but not elinks). It's a pretty new bug - they were both working not long ago (sorry for the lack of specificity). I expect it's due to the new webkit version which made it into stable recently, but the old versions were removed, so I can't test by downgrading.
To clarify, my above comment refered to webkit-gtk-1.1.15.4 (the latest stable). I just upgraded to webkit-gtk-1.2.1 to test, and I see the "SSL handshake failed: A record packet with illegal version was received" message. So while this error message only appears with the 1.2.1, I think the problem prompting it is occuring with 1.1.15.4 too. This is likely the same as uzbl bug http://www.uzbl.org/bugs/index.php?do=details&task_id=237 Relevant package options: net-libs/gnutls-2.10.0 -bindist cxx -doc -examples -guile -lzo nls zlib net-libs/webkit-gtk-1.2.1 -coverage -debug -doc -gstreamer websockets -test net-libs/libsoup-2.30.2 -debug -doc -gnome -introspection ssl Some light googling suggests this is a gnutls problem - I'll investigate further.
I can confirm that downgrading gnutls to 2.8.6 fixes the problem. However this version is vulnerable to MITMs - see bug 292025. While a MITM-vulnerable SSL implementation is bad, it is better than one which doesn't work at all. So to recap, both webkit-gtk 1.2.1 and 1.1.15.4 are affected by this, the only difference being that webkit-gtk is explicit about the error received by GNUTLS.
Created attachment 236921 [details] paludis --info for gnutls-2.10.0 For good measure, the full output of paludis --info gnutls, for the troublesome version (2.10.0).
Great research Nick. So now we have a cause for the issues with the webkit browsers. I don't see a gnutls bug report open yet. I wonder if it is something that upstream browsers need to fix or upstream gnutls. Looks like the collateral damage from gnutls-2.10.0 is high. eg. bug 307343 & 325945 =/
Woop. The libsoup patch mentioned in bug 325945 fixes the problem perfectly (for uzbl too) - I'm posting this through https with Midori now :-)
*** Bug 326359 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 307343 ***