More temporary SSL tweaking

Disable TLS 1.0 too, since some sites don't even support that (I'm looking at you, PayPal). Eventually we'll want to make this be more clever, and have it first try TLS 1.1 with extensions, and then fall back to SSL 3.0 if the server gets confused by the new stuff. But that will take some rewriting.
author: Dan Winship <danw@gnome.org> 2009-06-03 20:13:38 -0400
committer: Dan Winship <danw@gnome.org> 2009-06-03 20:13:38 -0400
commit: 777af4c8ec7b73d3c2376091401c00cb945cd6fc (patch)
tree: 79beda8ee43bbf9d08a0741f7bfa220a3ef4ff32
parent: 3dcdf7f79c319a3f392ffef3f26cde025e3a88f3 (diff)
download: libsoup-777af4c8ec7b73d3c2376091401c00cb945cd6fc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
index 90acb5b9..46b4188e 100644
--- a/libsoup/soup-gnutls.c
+++ b/libsoup/soup-gnutls.c
@@ -447,7 +447,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
 		goto THROW_CREATE_ERROR;
 
 	/* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
-	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1", NULL) != 0)
+	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
 		goto THROW_CREATE_ERROR;
 
 	if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,
author	Dan Winship <danw@gnome.org>	2009-06-03 20:13:38 -0400
committer	Dan Winship <danw@gnome.org>	2009-06-03 20:13:38 -0400
commit	777af4c8ec7b73d3c2376091401c00cb945cd6fc (patch)
tree	79beda8ee43bbf9d08a0741f7bfa220a3ef4ff32
parent	3dcdf7f79c319a3f392ffef3f26cde025e3a88f3 (diff)
download	libsoup-777af4c8ec7b73d3c2376091401c00cb945cd6fc.tar.gz