tls: Use NORMAL:-VERS-SSL3.0 as the default configuration

This seems to be really broken in GnuTLS and the documentation is also
not correct.

This partially reverts 53e3a959b958a3b099df6ecc5f6e294e96bd948e

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  1 14:56:33 UTC 2020 on sn-devel-184

1 files changed, 0 insertions, 6 deletions

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 53eedeb0cb2..da639a8b0ff 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2818,15 +2818,9 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
 	lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
 	lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
-#ifdef HAVE_GNUTLS_SET_DEFAULT_PRIORITY_APPEND
-	lpcfg_do_global_parameter(lp_ctx,
-				  "tls priority",
-				  "@SAMBA,SYSTEM,NORMAL:!-VERS-SSL3.0");
-#else
 	lpcfg_do_global_parameter(lp_ctx,
 				  "tls priority",
 				  "NORMAL:-VERS-SSL3.0");
-#endif
 
 	lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");