Posted on

Google earth and TLSv1.0

We love Google Earth™ (GE) and have been taking advantage of its advanced network KML features for years now so have got pretty familiar with what’s underneath.
The network capabilities of Google earth are made possible through the open source QT framework which is how you can handle HTTP/S KML content or browse the web within GE.
Linux power users of GE will be aware of it’s https problem – it doesn’t do SSL because the .so libs it ships with aren’t compiled for SSL which is quick to fix by replacing them with libs which are.
Windows users have until now enjoyed seamless SSL compatibility with GE but that has changed recently as we discovered.

In the last year the extremely popular OpenSSL software has found to be to the extent that web browser vendors have taken the extreme measure of blocking websites running unsafe instances of SSL like SSLv3. Read more here. Unfortunately Google earth 7.1.x is compiled for TLSv1.0/SSLv3 so if your web server has been updated to address the security issues you may be in for nasty surprise as your Google earth network layers may stop working – without a useful error message. The reason is the encrypted handshake fails because Google earth expects TLSv1.0, now widely regarded as unsafe and old. The solution is either to re-enable legacy ciphers like TLS1.0 on your SSL configuration OR roll back to plain old HTTP which isn’t ideal.

Affected versions:
Google earth free edition
Google earth Pro
Google earth Pro