Bug 5390 - Copies of the default GnuTLS priority string are all over the place
Summary: Copies of the default GnuTLS priority string are all over the place
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.3.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Peter Åstrand
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-18 14:01 CET by Karl Mikaelsson
Modified: 2021-06-09 09:29 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Karl Mikaelsson cendio 2014-12-18 14:01:12 CET 
> $ git grep "NORMAL:-VERS-SSL3.0"
> doc/external/gnutls-priorities.xml.in:        "NORMAL:-VERS-SSL3.0", which means the standard, secure GnuTLS
> doc/scripts/insert-gnutls-lists.py:    format_output(_call_gnutls(["--priority", "NORMAL:-VERS-SSL3.0"]))
> tladm/tlwebadm/tlwebadm:    priority = hive.get_string("/%s/gnutls_priority" % CONFIGPATH, "NORMAL:-VERS-SSL3.0")
> tladm/tlwebadm/tlwebadm.hconf:gnutls_priority=NORMAL:-VERS-SSL3.0
> tlmisc/tlstunnel/tlstunnel.c:static char priority[1024] = "NORMAL:-VERS-SSL3.0";
> webaccess/tlwebaccess:    priority = hive.get_string("/%s/gnutls_priority" % CONFIGPATH, "NORMAL:-VERS-SSL3.0")
> webaccess/webaccess.hconf:gnutls_priority=NORMAL:-VERS-SSL3.0

It would be nice to get rid of a few of these hard-coded strings and read them from a single source instead.
Comment 1 Pierre Ossman cendio 2021-06-09 09:27:45 CEST 
Perhaps we should have an empty priority and instead rely on gnutls_set_default_priority():

https://gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fset_005fdefault_005fpriority

This might also help us solve bug 5956?
Comment 2 Pierre Ossman cendio 2021-06-09 09:29:13 CEST 
(In reply to Pierre Ossman from comment #1)
> This might also help us solve bug 5956?

That should be bug 5948.
Note You need to log in before you can comment on or make changes to this bug.