aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/gtls.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index f44fd7748..e24e7a81e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -453,7 +453,13 @@ gtls_connect_step1(struct connectdata *conn,
rc = gnutls_protocol_set_priority(session, protocol_priority);
#else
const char *err;
- rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0",
+ /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not
+ vulnerable to attacks such as the BEAST, why this code now explicitly
+ asks for that
+ */
+ rc = gnutls_priority_set_direct(session,
+ "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"
+ "-CIPHER-ALL:+ARCFOUR-128",
&err);
#endif
if(rc != GNUTLS_E_SUCCESS)