Modified GnuTLS priority according to standard crypto-policy guideline
jvymazal committed Apr 26, 2018
1 parent fa2e38c commit f71b804
Showing 1 changed file with 4 additions and 14 deletions.
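--- a/src/tcp.c
+++ b/src/tcp.c
@@ -548,23 +548,13 @@ static relpRetVal
 relpTcpTLSSetPrio(relpTcp_t *pThis)
 {
 int r;
-char pristringBuf[4096];
-char *pristring;
 ENTER_RELPFUNC;
-/* Compute priority string (in simple cases where the user does not care...) */
-if(pThis->pristring == NULL) {
-if(pThis->bEnableTLSZip) {
-strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
-} else {
-strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
-}
-pristringBuf[sizeof(pristringBuf)-1] = '\0';
-pristring = pristringBuf;
+/* Set default/system priority string (in simple cases where the user does not care...) */
+if(pThis->pristring != NULL) {
+r = gnutls_priority_set_direct(pThis->session, pThis->pristring, NULL);
 } else {
-pristring = pThis->pristring;
+r = gnutls_set_default_priority(pThis->session);
 }
-
-r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
 if(r == GNUTLS_E_INVALID_REQUEST) {
 ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
 } else if(r != GNUTLS_E_SUCCESS) {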
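Review bot: The new `else` branch calls `gnutls_set_default_priority()` without the `+ANON-DH` and `+COMP-*` additions that the removed default string carried, so `pThis->bEnableTLSZip` is no longer read anywhere in this hunk, and peers that relied on anonymous key exchange (no certificates configured) will presumably fail the handshake unless they supply their own priority string. Dropping anonymous DH from the default is the safer posture, since it provides no peer authentication, but the behaviour change should be stated at the branch, e.g. `/* system default policy: typically no ANON-DH and no TLS compression; bEnableTLSZip has no effect here */`, and in the user-facing documentation for the compression and anonymous-mode options. The retained comment "Set default/system priority string" now sits above the user-supplied-string branch and would read correctly if moved into the `else`. The function body continues past the end of the hunk, so how the remaining error codes are handled is not visible here.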
