[glib-networking] gnutls: add %COMPAT to the gnutls priority strings

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking] gnutls: add %COMPAT to the gnutls priority strings
Date: Sun, 7 Aug 2011 16:33:31 +0000 (UTC)

commit 0fdfbc1cbecd0e883376ebe5b4c063b2ae8fd7f8
Author: Dan Winship <danw gnome org>
Date:   Sun Aug 7 12:29:42 2011 -0400

    gnutls: add %COMPAT to the gnutls priority strings
    
    %COMPAT enables certain compatibility behavior. In particular, it
    disables padding of records, which other TLS libraries don't do even
    though it's good for security, because some broken servers can't cope
    with it.
    
    Part of
    https://bugzilla.gnome.org/show_bug.cgi?id=581342

 tls/gnutls/gtlsconnection-gnutls.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 71c8a2f..7cb7f9c 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -199,16 +199,16 @@ g_tls_connection_gnutls_init_priorities (void)
   /* First field is "ssl3 only", second is "allow unsafe rehandshaking" */
 
   gnutls_priority_init (&priorities[FALSE][FALSE],
-			"NORMAL",
+			"NORMAL:%COMPAT",
 			NULL);
   gnutls_priority_init (&priorities[TRUE][FALSE],
-			"NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
+			"NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
 			NULL);
   gnutls_priority_init (&priorities[FALSE][TRUE],
-			"NORMAL:%UNSAFE_RENEGOTIATION",
+			"NORMAL:%COMPAT:%UNSAFE_RENEGOTIATION",
 			NULL);
   gnutls_priority_init (&priorities[TRUE][TRUE],
-			"NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
+			"NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
 			NULL);
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]