luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-08-19 15:18:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

GTlsClientConnection: loosen the semantics of "use-ssl3"

Browse Source 
If SSL 3.0 has been disabled (at the host, application, or library
level), then the "use-ssl3" property becomes a "fail-immediately"
property.

Despite the name, the point of the property wasn't really specifically
to use SSL 3.0; it was to allow fallback when talking to broken
servers that do SSL/TLS negotiation incorrectly and break when they
see unexpectedly-high version numbers. So if we can't fall back to SSL
3.0, then the "use-ssl3" property should fall back to TLS 1.0 instead
(since there are hosts that will reject a TLS 1.2 handshake, but
accept a TLS 1.0 one).

glib-networking is being updated to implement that behavior, so update
the documentation here.

https://bugzilla.gnome.org/show_bug.cgi?id=738633
This commit is contained in:
Dan Winship
2014-11-22 10:54:41 -05:00
parent f6bbd19beb
commit 7f5c862e16
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
gio/gtlsclientconnection.c
View File

@@ -103,18 +103,23 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
/** /**
* GTlsClientConnection:use-ssl3: * GTlsClientConnection:use-ssl3:
* *
* If %TRUE, tells the connection to use SSL 3.0 rather than trying * If %TRUE, tells the connection to use a fallback version of TLS
* to negotiate the best version of TLS or SSL to use. This can be * or SSL, rather than trying to negotiate the best version of TLS
* used when talking to servers that don't implement version * to use. This can be used when talking to servers that don't
* negotiation correctly and therefore refuse to handshake at all with * implement version negotiation correctly and therefore refuse to
* a "modern" TLS handshake. * handshake at all with a "modern" TLS handshake.
*
* Despite the property name, the fallback version is not
* necessarily SSL 3.0; if SSL 3.0 has been disabled, the
* #GTlsClientConnection will use the next highest available version
* (normally TLS 1.0) as the fallback version.
* *
* Since: 2.28 * Since: 2.28
*/ */
g_object_interface_install_property (iface, g_object_interface_install_property (iface,
g_param_spec_boolean ("use-ssl3", g_param_spec_boolean ("use-ssl3",
P_("Use SSL3"), P_("Use fallback"),
P_("Use SSL 3.0 rather than trying to use TLS 1.x"), P_("Use fallback version of SSL/TLS rather than most recent version"),
FALSE, FALSE,
G_PARAM_READWRITE | G_PARAM_READWRITE |
G_PARAM_CONSTRUCT | G_PARAM_CONSTRUCT |