tags 624029 patch
thanks
The hard-coded algorithms didn't make much sense to me, was there some
special reason behind them? Otherwise, please try the patch below to
resolve this by using GnuTLS's default ciphers.
/Simon
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index ae3a9a5..29d9433 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -423,20 +423,9 @@ prepare_client_session (mu_stream_t stream)
struct _mu_tls_stream *sp = (struct _mu_tls_stream *) stream;
int rc;
mu_transport_t transport[2];
- static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
- static int kx_priority[] = {GNUTLS_KX_RSA, 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
- static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
gnutls_init (&sp->session, GNUTLS_CLIENT);
- gnutls_protocol_set_priority (sp->session, protocol_priority);
- gnutls_cipher_set_priority (sp->session, cipher_priority);
- gnutls_compression_set_priority (sp->session, comp_priority);
- gnutls_kx_set_priority (sp->session, kx_priority);
- gnutls_mac_set_priority (sp->session, mac_priority);
+ gnutls_priority_set_direct (sp->session, "NORMAL", NULL);
gnutls_certificate_allocate_credentials (&x509_cred);
if (mu_tls_module_config.ssl_cafile)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
