[glib-networking] Revert "gnutls: Change the GnuTLS priority string from NORMAL to SECURE256"

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking] Revert "gnutls: Change the GnuTLS priority string from NORMAL to SECURE256"
Date: Thu, 14 Jun 2012 13:31:02 +0000 (UTC)

commit 999859f9ff695cc6af4c5d82550d4cacb64cbbef
Author: Dan Winship <danw gnome org>
Date:   Thu Jun 14 09:29:54 2012 -0400

    Revert "gnutls: Change the GnuTLS priority string from NORMAL to SECURE256"
    
    On gnutls 2.12.x, SECURE256 just changes the preferred negotiation
    order, but on 3.0.x, it means "disable all non-256-bit ciphers", which
    breaks many sites.
    
    This reverts commit 6550c7e9cf928b13ed1d1167004c1f6e16e0173f.

 tls/gnutls/gtlsconnection-gnutls.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 1db7914..b8fc86c 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -150,16 +150,16 @@ g_tls_connection_gnutls_init_priorities (void)
   /* First field is "ssl3 only", second is "allow unsafe rehandshaking" */
 
   gnutls_priority_init (&priorities[FALSE][FALSE],
-			"SECURE256:%COMPAT",
+			"NORMAL:%COMPAT",
 			NULL);
   gnutls_priority_init (&priorities[TRUE][FALSE],
-			"SECURE256:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
+			"NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
 			NULL);
   gnutls_priority_init (&priorities[FALSE][TRUE],
-			"SECURE256:%COMPAT:%UNSAFE_RENEGOTIATION",
+			"NORMAL:%COMPAT:%UNSAFE_RENEGOTIATION",
 			NULL);
   gnutls_priority_init (&priorities[TRUE][TRUE],
-			"SECURE256:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
+			"NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
 			NULL);
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]