GnuTLS versions 2.9.7 and later breaks libsoup (epiphany)
nmav at gnutls.org
Sun Jun 27 18:03:35 CEST 2010
Dan Winship wrote:
>> A better solution is to attempt the NORMAL setting first, and if it
>> fails, also attempt to negotiate using SSL3+TLS1 only. If that fails,
>> stop retrying.
> As someone else noted, PayPal's server is too broken for that. My plan
> was to try NORMAL first, and then fall back to SSL3-only; otherwise
> there are too many variables for different ways servers could be broken
> (maybe they support TLS 1.0 without extensions, but fail if you try to
> use the server name extension, etc).
At least for paypal using the %COMPAT flag does the job.
More information about the Gnutls-devel