32 lines
1.4 KiB
Text
32 lines
1.4 KiB
Text
|
https://github.com/meduketto/iksemel/issues/48
|
||
|
|
(unbreak with GnuTLS 3.4)
|
||
|
|
|
||
|
|
--- src/stream.c.orig Thu Jul 23 13:16:35 2009
|
||
|
|
+++ src/stream.c Sat Mar 5 15:07:29 2016
|
||
|
|
@@ -63,11 +63,7 @@ tls_pull (iksparser *prs, char *buffer, size_t len)
|
||
|
|
static int
|
||
|
|
handshake (struct stream_data *data)
|
||
|
|
{
|
||
|
|
- const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
|
||
|
|
- const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
|
||
|
|
- const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
|
||
|
|
- const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
|
||
|
|
- const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
|
||
|
|
+ const char *priority_string = "SECURE256:+SECURE192:-VERS-TLS-ALL:+VERS-TLS1.2";
|
||
|
|
int ret;
|
||
|
|
|
||
|
|
if (gnutls_global_init () != 0)
|
||
|
|
@@ -80,11 +76,7 @@ handshake (struct stream_data *data)
|
||
|
|
gnutls_certificate_free_credentials (data->cred);
|
||
|
|
return IKS_NOMEM;
|
||
|
|
}
|
||
|
|
- gnutls_protocol_set_priority (data->sess, protocol_priority);
|
||
|
|
- gnutls_cipher_set_priority(data->sess, cipher_priority);
|
||
|
|
- gnutls_compression_set_priority(data->sess, comp_priority);
|
||
|
|
- gnutls_kx_set_priority(data->sess, kx_priority);
|
||
|
|
- gnutls_mac_set_priority(data->sess, mac_priority);
|
||
|
|
+ gnutls_priority_set_direct(data->sess, priority_string, NULL);
|
||
|
|
gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
|
||
|
|
|
||
|
|
gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
|