Bug 979705 - libsoup/gnults can't connect to TLSv1-only webdav/caldav server because it specified version 3 (0x0300) in ClientHello
libsoup/gnults can't connect to TLSv1-only webdav/caldav server because it sp...
Status: CLOSED DUPLICATE of bug 975457
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libsoup (Show other bugs)
6.5
Unspecified Unspecified
unspecified Severity medium
: beta
: 6.5
Assigned To: Dan Winship
Desktop QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-29 12:39 EDT by David Jaša
Modified: 2013-07-02 05:33 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-01 10:49:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2013-06-29 12:39:24 EDT
Description of problem:
evolution/e-d-s/libsoup/gnults can't connect to TLSv1-only caldav server because it specified version 3 (0x0300) in ClientHello. According to RFCs, latest TLS version supported by client should be specified in client hellos, for which GnuTLS provides convenient %LATEST_RECORD_VERSION keyword:
http://gnutls.org/manual/gnutls.html#tab_003aprio_002dspecial1

The bug might easily be in lower layers (libsoup) as wel...

Version-Release number of selected component (if applicable):
evolution-2.32.3-9.el6.x86_64
evolution-data-server-2.32.3-7.el6.x86_64
libsoup-2.28.2-4.el6.x86_64
gnutls-2.8.5-10.el6_4.2.x86_64

How reproducible:
always

Steps to Reproduce:
1. create a new caldav calendar in evolution:
  - use any uri on https server that supports only TLSv1 or better
  - check "Use SSL"
2. start network capture on port 443
3. hit "Browser server to discover calendar" button

Actual results:
* version in ClientHello handshake is SSL 3.0 (0x0300)
* connection is refused

Expected results:
* version in ClientHello is highest supported by client
* connection is established

Additional info:
My server supports just TLSv1 (apache + mod_nss: TLS 1.1 and 1.2 aren't supported yet and I disabled SSLv3 support)
Comment 1 David Jaša 2013-06-29 13:44:43 EDT
The issue is the same when using nautilus to connect to the same server via webdav, thust I expect that the problematic component is actually libsoup.
nautilus-2.28.4-19.el6.x86_64
gvfs-1.4.3-15.el6.x86_64
Comment 2 Milan Crha 2013-07-01 03:38:40 EDT
This is bug #975457, from my point of view.
Comment 3 Dan Winship 2013-07-01 10:08:21 EDT
yes, this is exactly the same bug as 975457
Comment 4 Milan Crha 2013-07-01 10:49:22 EDT
Thanks for the confirmation, I'm marking it as such.

*** This bug has been marked as a duplicate of bug 975457 ***

Note You need to log in before you can comment on or make changes to this bug.