gweb: Use GnuTLS priority string to provide wide compatibility

This priority string will only enable SSL 3.0 and TLS 1.0 as protocols
and will disable, via the %COMPAT keyword, several TLS protocol options
that are known to cause compatibility problems.

Reference: http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html#Interoperability

diff --git a/gweb/giognutls.c b/gweb/giognutls.c
index 887109a..db061b1 100644 (file)
--- a/gweb/giognutls.c
+++ b/gweb/giognutls.c
@@ -449,7 +449,8 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
 #endif
 
        gnutls_priority_set_direct(gnutls_channel->session,
-                               "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL);
+               "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT",
+               NULL);
 
        gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
        gnutls_credentials_set(gnutls_channel->session,