SSL compatibility mode

Eion Robb eion at
Mon Oct 15 15:55:56 EDT 2012

You say "For example, google doesn't close its connections
gracefully".  What do you mean by that?  Do you have a capture of
sent/received HTTP request/responses?  Is that when sending the
'Conneciton: close' header, or if it's left out?


On 16 October 2012 08:13, Tomasz Wasilczyk <tomkiewicz.groups at> wrote:
> Hi,
> I wish, you are not so tired with all my suggestions ;).
> I was implementing new HTTP support and I came into a problem: some
> servers are not 100% compatible with TLS standard. For example, google
> doesn't close its connections gracefully. In such cases, it would be
> good to provide "compatibility mode".
> I have implemented it [1], but I have one problem: compatibility mode
> can be set after getting PurpleSslConnection pointer. It's OK for
> purple_ssl_connect, because after exitting from it, no SSL operations
> are performed yet (standard TCP connection is made first, so we have
> to wait for connection). But within purple_ssl_connect_with_host_fd,
> connectfunc is called before exitting it, so we are not able to set
> compatibility level just after initializing TLS session. I have some
> ideas:
> - we may not implement support for
> gnutls_session_enable_compatibility_mode (see [1]), leaving just
> PURPLE_SSL_COMPATIBILITY_SECURE mode (and fixing google issue)
> - we may ignore purple_ssl_connect_with_host_fd in that case (bad idea, I think)
> - we may call connectfunc from purple_ssl_connect_with_host_fd in
> *next* main loop iteration, with purple_timeout_add(0, ...), allowing
> to set compatibility mode before calling connectfunc (I like this the
> most)
> Please, look though my patch and post any suggestions.
> By the way: new HTTP implementation base functionality is now almost ready.
> Waiting for comments,
> Tomek
> [1]
> _______________________________________________
> Devel mailing list
> Devel at

More information about the Devel mailing list