ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS

The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible mode for middle box but it is enabled by default, which is unnecessary for QUIC. Fixes #6896 Closes #7202
author: Jun-ya Kato <kato@win6.jp> 2021-06-07 00:52:14 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2021-06-08 16:10:39 +0200
commit: a3a298da5ee5bdc2199a819aa2a20df9b4d6268e (patch)
tree: 23f7918a1fb4c1e50c149b14df6e8a6d5ecdd505 /lib/vquic/ngtcp2.c
parent: 3ac9b80525d87004057bb7846cb0f3c6b3633bd7 (diff)
download: curl-a3a298da5ee5bdc2199a819aa2a20df9b4d6268e.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 7f076759b..d1cd63dfb 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -86,7 +86,8 @@ struct h3out {
 #define QUIC_PRIORITY \
   "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
   "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
-  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1"
+  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
+  "%DISABLE_TLS13_COMPAT_MODE"
 #endif
 
 static CURLcode ng_process_ingress(struct Curl_easy *data,
author	Jun-ya Kato <kato@win6.jp>	2021-06-07 00:52:14 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2021-06-08 16:10:39 +0200
commit	a3a298da5ee5bdc2199a819aa2a20df9b4d6268e (patch)
tree	23f7918a1fb4c1e50c149b14df6e8a6d5ecdd505 /lib/vquic/ngtcp2.c
parent	3ac9b80525d87004057bb7846cb0f3c6b3633bd7 (diff)
download	curl-a3a298da5ee5bdc2199a819aa2a20df9b4d6268e.tar.gz