2 files changed, 12 insertions, 4 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 03dc74530..3ef4e909f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -40,6 +40,7 @@ This release includes the following bugfixes:
  o nss: fix a memory leak when CURLOPT_CRLFILE is used
  o gnutls: ignore invalid certificate dates with VERIFYPEER disabled
  o gnutls: fix SRP support with versions of GnuTLS from 2.99.0
+ o gnutls: fixed compilation against versions < 2.12.0
  o 
 
 This release includes the following known bugs:
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 54bfef118..ec582e096 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -369,10 +369,17 @@ gtls_connect_step1(struct connectdata *conn,
   struct in_addr addr;
 #endif
 #ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
-  static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_GCM,
-    GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_128_CBC,
-    GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC,
-    GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_3DES_CBC,
+  static const int cipher_priority[] = {
+  /* These two ciphers were added to GnuTLS as late as ver. 3.0.1,
+     but this code path is only ever used for ver. < 2.12.0.
+     GNUTLS_CIPHER_AES_128_GCM,
+     GNUTLS_CIPHER_AES_256_GCM,
+  */
+    GNUTLS_CIPHER_AES_128_CBC,
+    GNUTLS_CIPHER_AES_256_CBC,
+    GNUTLS_CIPHER_CAMELLIA_128_CBC,
+    GNUTLS_CIPHER_CAMELLIA_256_CBC,
+    GNUTLS_CIPHER_3DES_CBC,
   };
   static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
   static int protocol_priority[] = { 0, 0, 0, 0 };