Commit 01a43ad9 authored by Dan Winship's avatar Dan Winship
Browse files

Disable TLS 1.2 in addition to 1.0 and 1.1

Due to bug 581342 we want to only negotiate SSL 3.0. Previously we
were telling gnutls to not do TLS1.0 or TLS1.1, but that means with
newer versions of gnutls that support TLS1.2 it would try to negotiate
that instead and generally fail. Fix that by disabling TLS1.2 too
(which works fine even with gnutls versions that don't support TLS1.2
parent 213d34a2
......@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
/* See */
if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment