Add %DUMBFW to the default GnuTLS priority strings

* lisp/net/gnutls.el (gnutls-boot-parameters): Add %DUMBFW to the default priority strings (Bug#25061). * etc/NEWS: Mention it. * doc/misc/emacs-gnutls.texi (Help For Users): Point to the GnuTLS priority string documentation URL.
2024-11-23 07:19:15 +00:00 · 2017-12-14 23:16:38 -05:00 · 2017-12-14 23:16:38 -05:00 · a21dac18bb
commit a21dac18bb
parent 780407cff1
3 changed files with 10 additions and 5 deletions
--- a/doc/misc/emacs-gnutls.texi
+++ b/doc/misc/emacs-gnutls.texi
@ -116,9 +116,11 @@ information.
 The @code{gnutls-algorithm-priority} variable sets the GnuTLS priority
 string.  This is global, not per host name (although
@code{gnutls-negotiate} supports a priority string per connection so
-it could be done if needed).  The priority string syntax is in the
+it could be done if needed).  For details see the
@uref{https://www.gnu.org/software/gnutls/documentation.html, GnuTLS
-documentation}.
+documentation} and the
+@uref{https://gnutls.org/manual/html_node/Priority-Strings.html,
+GnuTLS priority string syntax and description}.
@end defvar

@defvar gnutls-trustfiles
--- a/etc/NEWS
+++ b/etc/NEWS
@ -431,6 +431,9 @@ You can enable this by customizing 'mwheel-tilt-scroll-p'.  If you
 want to reverse the direction of the scroll, customize
 'mwheel-flip-direction'.

+++
+** The default GnuTLS priority string now includes %DUMBFW.
+
 ** Emacsclient changes

 +++
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@ -217,7 +217,7 @@ For the meaning of the rest of the parameters, see `gnutls-boot-parameters'."

 TYPE is `gnutls-x509pki' (default) or `gnutls-anon'.  Use nil for the default.
 HOSTNAME is the remote hostname.  It must be a valid string.
-PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
+PRIORITY-STRING is as per the GnuTLS docs, default is based on \"NORMAL\".
 TRUSTFILES is a list of CA bundles.  It defaults to `gnutls-trustfiles'.
 CRLFILES is a list of CRL files.
 KEYLIST is an alist of (client key file, client cert file) pairs.
@ -265,11 +265,11 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
        (priority-string (or priority-string
                             (cond
                              ((eq type 'gnutls-anon)
-                               "NORMAL:+ANON-DH:!ARCFOUR-128")
+                               "NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW")
                              ((eq type 'gnutls-x509pki)
                               (if gnutls-algorithm-priority
                                   (upcase gnutls-algorithm-priority)
-                                 "NORMAL")))))
+                                 "NORMAL:%DUMBFW")))))
        (verify-error (or verify-error
                          ;; this uses the value of `gnutls-verify-error'
                          (cond