Midori Web Browser

Re: Bug#804196: midori gets bad results from https://www.howsmyssl.com/

Bug #1517265 reported by Sergio Durigan Junior on 2015-11-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Midori Web Browser	In Progress	Undecided	Unassigned
	midori (Debian)	Confirmed	Undecided	Unassigned

Bug Description

affects midori
affects debian/midori
status confirmed

On Tuesday, November 17 2015, Alberto Garcia wrote:

> On Mon, Nov 16, 2015 at 07:17:54PM -0500, Sergio Durigan Junior wrote:
>
>> After investigating it a bit, I found that libwebkitgtk is the
>> responsible for setting the G_TLS_GNUTLS_PRIORITY environment
>> variable.
>
> This has to be done very early in main() and libwebkitgtk-* cannot
> guarantee that, so it's the application's reponsibility to do it.
>
> Packages using the WebKit2 API (libwebkit2gtk-*) have multiple
> processes and the Web and Network processes can do that themselves,
> but that's not possible for apps using the WebKit1 API (like Midori).

Thanks, Alberto.

I am filing a bug upstream about this, and I intend to submit a patch
soon.

Cheers,

--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/

Related branches

lp://staging/~sergiodj/midori/safe-ciphers

Ready for review for merging into lp://staging/midori

Cris Dywan: Pending requested 2015-11-18

Danielle Foré (danrabbit) on 2015-12-04

Changed in midori:
status:	New → In Progress
assignee:	nobody → Sergio Durigan Junior (sergiodj)

Revision history for this message

gue5t gue5t (gue5t) wrote on 2016-01-23: Re: Re: Bug#804196: midori gets bad results from https://www.howsmyssl.com/

I'm seeing "Probably Okay" in both the latest Firefox and in Midori (webkit1/gtk2, libsoup 2.52.2, gnutls 3.4.8 on Arch Linux), but with a much longer list of ciphers for Midori:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CCM
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CCM
TLS_DHE_RSA_WITH_AES_256_CCM
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Compared to these for Firefox:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Where can one go to learn which ciphers are insecure and why?

I'm seeing "Probably Okay" in both the latest Firefox and in Midori (webkit1/gtk2, libsoup 2.52.2, gnutls 3.4.8 on Arch Linux), but with a much longer list of ciphers for Midori:

Compared to these for Firefox:

Where can one go to learn which ciphers are insecure and why?

Revision history for this message

gue5t gue5t (gue5t) wrote on 2016-01-23:

I forgot to mention that the WebKitGTK+ version here is 2.4.9.

Sergio Durigan Junior (sergiodj) on 2020-04-29

Changed in midori:
assignee:	Sergio Durigan Junior (sergiodj) → nobody

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.