From 6494eb033439afb788e2da49401b6a8936bac43b Mon Sep 17 00:00:00 2001
From: Andreas Metzler <ametzler@bebt.de>
Date: Sun, 2 Apr 2017 17:56:15 +0200
Subject: Use NORMAL priority for SSLv23_*_method.

Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
SSLv23_*_methods.

http://bugs.debian.org/857436
---
 extra/gnutls_openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extra/gnutls_openssl.c b/extra/gnutls_openssl.c
index 4ec0698706..0bc4c5a1b4 100644
--- a/extra/gnutls_openssl.c
+++ b/extra/gnutls_openssl.c
@@ -483,7 +483,7 @@ SSL_METHOD *SSLv23_client_method(void)
 		return NULL;
 
 	strcpy(m->priority_string,
-	       "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+	       "NORMAL");
 
 	m->connend = GNUTLS_CLIENT;
 
@@ -498,7 +498,7 @@ SSL_METHOD *SSLv23_server_method(void)
 		return NULL;
 
 	strcpy(m->priority_string,
-	       "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+	       "NORMAL");
 	m->connend = GNUTLS_SERVER;
 
 	return m;
-- 
cgit v1.2.1