summaryrefslogtreecommitdiff
path: root/gweb
diff options
context:
space:
mode:
authorLucas De Marchi <lucas.demarchi@profusion.mobi>2011-07-01 20:50:54 -0300
committerMarcel Holtmann <marcel@holtmann.org>2011-07-01 20:04:37 -0700
commitc53b8dc36b7aa240343b507cfc6ff5194ff9f2eb (patch)
tree22f83710c13a324e05f612fc5f8cb1b365a574ca /gweb
parent2383e638e96608671abbc51b94a9a32cf87e1a1e (diff)
downloadconnman-c53b8dc36b7aa240343b507cfc6ff5194ff9f2eb.tar.gz
connman-c53b8dc36b7aa240343b507cfc6ff5194ff9f2eb.tar.bz2
connman-c53b8dc36b7aa240343b507cfc6ff5194ff9f2eb.zip
gweb: Use GnuTLS priority string to provide wide compatibility
This priority string will only enable SSL 3.0 and TLS 1.0 as protocols and will disable, via the %COMPAT keyword, several TLS protocol options that are known to cause compatibility problems. Reference: http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html#Interoperability
Diffstat (limited to 'gweb')
-rw-r--r--gweb/giognutls.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/gweb/giognutls.c b/gweb/giognutls.c
index 887109a2..db061b1f 100644
--- a/gweb/giognutls.c
+++ b/gweb/giognutls.c
@@ -449,7 +449,8 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
#endif
gnutls_priority_set_direct(gnutls_channel->session,
- "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL);
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT",
+ NULL);
gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
gnutls_credentials_set(gnutls_channel->session,