Nick wrote: > Still, though, > https://www.ssllabs.com/ssltest/analyze.html?d=fahrkarten.bahn.de > says that the site uses TLS 1.0, and not SSLv3, so if wireshark is > correct webkit is still doing the wrong thing. > > Can you confirm that it's definitely trying to use SSLv3?
Nope, I was too quick and only looked at the outer layer version field which always seems to be SSLv3. Actually webkit tries TLS1.2, then it tries TLS1.1, then TLS1.0 and probably after seeing that only one Ciphermode using RC4 is available it aborts, since RC4 has been broken for years and is not safe to use. Imho this is the right behaviour and I wrote a subtle mail to inform them about this issue. --Markus
