Version: (using KDE KDE 3.3.2)
Installed from: Debian stable Packages
OS: Linux

KDE - Settings - Encryption: SSLv2 is disabled, SSLv3 is enabled, TLS is enabled. The target server (see https://kis.hosteurope.de) does not accept SSLv3 connections, but SSLv2 or TLS connections only. This has been verified using Internet Explorer and Ethereal. However, Konqueror fails to open a TLS connection, but insists on an SSLv3 handshake. This fails on the above server. Enabling/disabling the TLS setting (SSLv3 enabled) does not change anything (at least I could not detect a change in the handshake).

Firefox does a funny thing: even if set to SSLv3 only, it will start an SSLv2 handshake and then accept the TLS connection. Microsoft's Internet Explorer is the only browser that sticks to its settings.

Suggestion: Change the setting "Activate TLS, if server supports it" to "Activate TLS" to be consistent with the SSLv2 and SSLv3 settings. As it is now, disabling SSLv3 and SSLv2, but enabling TLS will result in an SSLv2 connection.

Best regards, roland
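An added example, not part of the original report or of KDE's code: a small C++ classifier for the first bytes of a captured client hello. It reports the framing (SSLv2-style hello or SSLv3/TLS record) and the version the client offers, which is the distinction the report draws from the Ethereal capture. The sample byte strings and all names are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// What the first bytes sent by a client reveal about its handshake.
struct HelloInfo {
    std::string framing;  // "sslv2-hello", "ssl3/tls-record" or "unknown"
    uint16_t offered;     // version the client offers, e.g. 0x0301
};

// Constructed sample bytes (truncated after the version field).
const std::vector<uint8_t> kV2HelloOfferingTls1 = {0x80, 0x2e, 0x01, 0x03, 0x01};
const std::vector<uint8_t> kSsl3RecordHello = {
    0x16, 0x03, 0x00, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x00};
const std::vector<uint8_t> kTls1RecordHello = {
    0x16, 0x03, 0x01, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x01};

std::string versionName(uint16_t v) {
    switch (v) {
        case 0x0002: return "SSLv2";
        case 0x0300: return "SSLv3";
        case 0x0301: return "TLSv1";
        default:     return "other";
    }
}

HelloInfo classifyClientHello(const std::vector<uint8_t>& b) {
    // SSLv2 framing: 2-byte length with the top bit set, msg_type 1
    // (CLIENT-HELLO), then the offered version, which may be 3.0 or 3.1.
    if (b.size() >= 5 && (b[0] & 0x80) && b[2] == 0x01)
        return {"sslv2-hello", static_cast<uint16_t>((b[3] << 8) | b[4])};
    // SSLv3/TLS framing: record type 0x16 (handshake), record version,
    // 2-byte length, handshake type 1 (ClientHello), 3-byte length,
    // then client_version at offsets 9 and 10.
    if (b.size() >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01)
        return {"ssl3/tls-record", static_cast<uint16_t>((b[9] << 8) | b[10])};
    return {"unknown", 0};
}

int main() {
    for (const auto* s : {&kV2HelloOfferingTls1, &kSsl3RecordHello, &kTls1RecordHello}) {
        HelloInfo h = classifyClientHello(*s);
        std::printf("%-16s offers %s\n", h.framing.c_str(), versionName(h.offered).c_str());
    }
    return 0;
}
```

A hello in SSLv2 framing that offers version 3.1 can still end in a TLS session, so the framing and the offered version have to be read separately when comparing browsers.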
*** Bug 116108 has been marked as a duplicate of this bug. ***
Seems to work fine in all configurations with the latest code in 3.5 branch and trunk
Created attachment 17181 Patch for kssl.cc which enables work with TLSv1. KDE 3.5.3 Konqueror doesn't want to work with TLSv1, with or without "Activate TLS, if server supports it". In the code we found that all methods for TLS work exist, but are not used. Someone forgot to init the TLS methods. We made a little patch for kssl.cc, and now all works fine. Patch in attachment.
Index: kssl.cc I just put this in 3.5 branch. Does it work for you? =================================================================== --- kssl.cc (revision 516947) +++ kssl.cc (working copy) @@ -129,7 +129,7 @@ return false; if (m_bAutoReconfig) - m_cfg->load(); + m_cfg->load(); if (!m_cfg->tlsv1()) return false; @@ -160,6 +160,9 @@ bool KSSL::initialize() { #ifdef KSSL_HAVE_SSL kdDebug(7029) << "KSSL initialize" << endl; + if (m_cfg->tlsv1()) + return TLSInit(); + if (m_bInit) return false; @@ -499,6 +502,7 @@ if (err != SSL_ERROR_NONE && err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) { rc = -1; // OpenSSL returns 0 on error too + d->kossl->ERR_print_errors_fp(stderr); } // else if (err == SSL_ERROR_ZERO_RETURN)
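Review bot: In the KSSL::initialize() hunk (@@ -160), the new "if (m_cfg->tlsv1()) return TLSInit();" sits above the existing "if (m_bInit) return false;" guard, so with TLS enabled in the settings initialize() never reaches that guard or the rest of the function, and the result depends entirely on TLSInit(). Unlike the first hunk, where m_cfg->load() runs under m_bAutoReconfig before tlsv1() is read, this check reads tlsv1() with no load visible before it. Consider moving the check below the m_bInit guard and adding a comment that says what should happen when the server does not accept the TLS hello.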
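Review bot: In the @@ -499 hunk, d->kossl->ERR_print_errors_fp(stderr) writes the OpenSSL error queue straight to the process's stderr whenever this error branch is taken, while initialize() in the same patch logs through kdDebug(7029). Route the output through the debug area or guard it so it is not emitted in normal use. Separately, the m_cfg->load() change in the first hunk looks whitespace-only and could be dropped from the patch.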
We have tested your changes for our patch here at our office (LISSI Ltd., http://www.lissi.ru, mailto: info@lissi.ru). Everything works fine. Thanks.
When will this patch be released?
KDE 4, if not a future 3.5 release.
Unfortunately, this patch causes regressions, for example 132098.
I'll track it under 132098 *** This bug has been marked as a duplicate of 132098 ***
SVN commit 571989 by mueller: always allow TLS CCBUG: 108388 M +2 -6 kssl.cc --- trunk/KDE/kdelibs/kio/kssl/kssl.cc #571988:571989 @@ -139,6 +139,8 @@ d->m_meth = d->kossl->TLSv1_client_method(); d->lastInitTLS = true; + m_pi.reset(); + d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth); if (d->m_ctx == 0L) { return false; @@ -282,9 +284,6 @@ } } - if (!d->lastInitTLS) - d->kossl->SSL_set_options(d->m_ssl, SSL_OP_NO_TLSv1); - d->kossl->SSL_set_options(d->m_ssl, SSL_OP_ALL); rc = d->kossl->SSL_set_fd(d->m_ssl, sock); @@ -368,9 +367,6 @@ } } - if (!d->lastInitTLS) - d->kossl->SSL_set_options(d->m_ssl, SSL_OP_NO_TLSv1); - d->kossl->SSL_set_options(d->m_ssl, SSL_OP_ALL); rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
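Review bot: In the @@ -139 hunk, m_pi.reset() is added only on the path that selects TLSv1_client_method(); nothing in the diff shows the other initialisation path doing the same reset. If stale m_pi state from an earlier attempt is the concern, say so in a comment next to the call and confirm the non-TLS init resets it too.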
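Review bot: The two removed blocks (@@ -282 and @@ -368) were the only visible place where SSL_OP_NO_TLSv1 was set when d->lastInitTLS was false, so after this change nothing shown here keeps TLSv1 off for a user who disabled it in the settings. The commit message says that is intended, but it deserves a code comment at both call sites and a matching update to the settings wording. d->lastInitTLS is still assigned in the first hunk's context while these reads of it are gone, so check whether the flag is still needed; the two identical SSL_set_options / SSL_set_fd sequences could also share one helper.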