Revert "gnutls: Change the GnuTLS priority string from NORMAL to SECURE256"
authorDan Winship <danw@gnome.org>
Thu, 14 Jun 2012 13:29:54 +0000 (09:29 -0400)
committerDan Winship <danw@gnome.org>
Thu, 14 Jun 2012 13:29:54 +0000 (09:29 -0400)
On gnutls 2.12.x, SECURE256 just changes the preferred negotiation
order, but on 3.0.x, it means "disable all non-256-bit ciphers", which
breaks many sites.

This reverts commit 6550c7e9cf928b13ed1d1167004c1f6e16e0173f.

tls/gnutls/gtlsconnection-gnutls.c

index 1db7914..b8fc86c 100644 (file)
@@ -150,16 +150,16 @@ g_tls_connection_gnutls_init_priorities (void)
   /* First field is "ssl3 only", second is "allow unsafe rehandshaking" */
 
   gnutls_priority_init (&priorities[FALSE][FALSE],
-                       "SECURE256:%COMPAT",
+                       "NORMAL:%COMPAT",
                        NULL);
   gnutls_priority_init (&priorities[TRUE][FALSE],
-                       "SECURE256:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
+                       "NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0",
                        NULL);
   gnutls_priority_init (&priorities[FALSE][TRUE],
-                       "SECURE256:%COMPAT:%UNSAFE_RENEGOTIATION",
+                       "NORMAL:%COMPAT:%UNSAFE_RENEGOTIATION",
                        NULL);
   gnutls_priority_init (&priorities[TRUE][TRUE],
-                       "SECURE256:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
+                       "NORMAL:%COMPAT:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%UNSAFE_RENEGOTIATION",
                        NULL);
 }
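Review bot: None of the four `gnutls_priority_init ()` calls in this hunk checks its return value, so a priority string that the linked GnuTLS rejects would leave that `priorities[][]` slot unset with no diagnostic. The commit message itself shows that a keyword's meaning differs between 2.12.x and 3.0.x, so capturing the result is cheap insurance, e.g. `ret = gnutls_priority_init (&priorities[FALSE][FALSE], "NORMAL:%COMPAT", NULL);` followed by `g_warn_if_fail (ret == GNUTLS_E_SUCCESS);`. A short comment above the first call, such as `/* NORMAL, not SECURE256: on GnuTLS 3.0.x SECURE256 disables all non-256-bit ciphers */`, would also keep the reverted change from being re-applied later. The start of the function lies outside the hunk, so how the slots are consumed afterwards is not visible here.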