When I go to www.ziggo.nl with rekonq or konqueror (both khtml and webkit) I have to a long time and then get a dialogue window with the message that the certificate could not be validated (with the options details, continue or annuleren). This did not happen with kde 4.8.5, the site loaded without problems.
When I choose an option and continue to another site, certificates are not accepted automatically any more.
Steps to Reproduce:
1. Start rekonq or konqueror
2. Go to www.ziggo.nl
A long time nothing happens, then the dialogue window with problem about certificate appears
Site loads without problems (as it did in 4.8.5)
This problem does not occur when I only update the qt4 libraries. I only occurs when I update kde to 4.9.1 (from 4.8.5).
Started a discussion on opensuse-kde:
It is confirmed by others and it might be openSUSE 12.2 specific.
It happens also in kmail. Do not know what kind of certificates are giving problems.
(In reply to comment #1)
> Started a discussion on opensuse-kde:
> It is confirmed by others and it might be openSUSE 12.2 specific.
openSSL 1.0.1 specific. oS 12.1 shipped 1.0.0, thus is not affected. Other distros most probably have the same problem with their latest incarnation.
This bug is related to, but not the same as:
In this case, the server actually supports TLSv1.2:
$> openssl s_client -msg -connect www.ziggo.nl:443
>>> TLS 1.2 [length 013b]
01 00 01 37 03 03 ... // ClientHello, protocol version: 03 03: SSL version 3.3 aka TLS1.2
<<< TLS 1.2 [length 0051]
02 00 00 4d 03 03 ... // ServerHello, TLS 1.2
The bug is in QT itself:
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
QSslCipher ciph; char buf ;
QString descriptionOneLine = QString::fromLatin1(q_SSL_CIPHER_description(cipher, buf, sizeof(buf)));
QStringList descriptionList = descriptionOneLine.split(QLatin1String(" "), QString::SkipEmptyParts);
QString protoString = descriptionList.at(1);
ciph.d->protocolString = protoString;
ciph.d->protocol = QSsl::UnknownProtocol;
if (protoString == QLatin1String("SSLv3"))
ciph.d->protocol = QSsl::SslV3;
else if (protoString == QLatin1String("SSLv2"))
ciph.d->protocol = QSsl::SslV2;
else if (protoString == QLatin1String("TLSv1"))
ciph.d->protocol = QSsl::TlsV1;
So no match for TLS > 1.0 -> QSsl:UnknownProtocol.
Qt 5.0 has the needed defines for TLS1.1/1.2, should we backport?
Yes, it should be backported to Qt 4.8.x, but... was it reported to the Qt bugtracker? Even if some KDE developers do Qt development, they are still different projects.
I reported this bug, but I do not have this bug anymore on openSUSE 12.2 with the latest KDE from KDE:Release:49 (4.9.5 at the moment with qt 4.8.4). I do not know why or that this means it is solved.