Do not explicitly disable SSLv3 if GnuTLS does it already.
authorAndrej Kacian <ticho@claws-mail.org>
Tue, 23 Aug 2016 15:47:24 +0000 (17:47 +0200)
committerAndrej Kacian <ticho@claws-mail.org>
Tue, 23 Aug 2016 15:47:24 +0000 (17:47 +0200)
Starting with GnuTLS 3.4.0, SSL 3.0 is no longer
included in the default priorities list.

src/common/ssl.c

index c8b1b3d..e25a423 100644 (file)
@@ -330,9 +330,11 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
                debug_print("Setting GnuTLS priority to %s, status = %d\n",
                            sockinfo->gnutls_priority, r);
        }
+#ifdef GNUTLS_VERSION_NUMBER < 0x030400
        else {
                gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
        }
+#endif
        gnutls_record_disable_padding(session);
 
        gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);