diff --git a/doc/misc/emacs-gnutls.texi b/doc/misc/emacs-gnutls.texi index 92846a924c5..1715c83a0d2 100644 --- a/doc/misc/emacs-gnutls.texi +++ b/doc/misc/emacs-gnutls.texi @@ -116,9 +116,11 @@ information. The @code{gnutls-algorithm-priority} variable sets the GnuTLS priority string. This is global, not per host name (although @code{gnutls-negotiate} supports a priority string per connection so -it could be done if needed). The priority string syntax is in the +it could be done if needed). For details see the @uref{https://www.gnu.org/software/gnutls/documentation.html, GnuTLS -documentation}. +documentation} and the +@uref{https://gnutls.org/manual/html_node/Priority-Strings.html, +GnuTLS priority string syntax and description}. @end defvar @defvar gnutls-trustfiles diff --git a/etc/NEWS b/etc/NEWS index 5324a0944ea..8080e10c7e5 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -431,6 +431,9 @@ You can enable this by customizing 'mwheel-tilt-scroll-p'. If you want to reverse the direction of the scroll, customize 'mwheel-flip-direction'. ++++ +** The default GnuTLS priority string now includes %DUMBFW. + ** Emacsclient changes +++ diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 98f7b585588..a406b0b07fd 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -217,7 +217,7 @@ For the meaning of the rest of the parameters, see `gnutls-boot-parameters'." TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default. HOSTNAME is the remote hostname. It must be a valid string. -PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\". +PRIORITY-STRING is as per the GnuTLS docs, default is based on \"NORMAL\". TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'. CRLFILES is a list of CRL files. KEYLIST is an alist of (client key file, client cert file) pairs. 
@@ -265,11 +265,11 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT." (priority-string (or priority-string (cond ((eq type 'gnutls-anon) - "NORMAL:+ANON-DH:!ARCFOUR-128") + "NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW") ((eq type 'gnutls-x509pki) (if gnutls-algorithm-priority (upcase gnutls-algorithm-priority) - "NORMAL"))))) + "NORMAL:%DUMBFW"))))) (verify-error (or verify-error ;; this uses the value of `gnutls-verify-error' (cond
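Review bot: `%DUMBFW` is appended unconditionally to both built-in defaults (`"NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW"` and `"NORMAL:%DUMBFW"`), and nothing visible in this hunk checks that the linked GnuTLS recognises the keyword. If an older library rejects unknown priority keywords, which I would expect but cannot confirm from here, every connection using the default would fail at priority setup instead of just losing the padding, so the suffix is safer behind a capability or version check. Separately, the `(upcase gnutls-algorithm-priority)` branch is passed through without the suffix, so users who customise that variable silently get no padding. A comment such as `;; %DUMBFW pads the ClientHello for broken middleboxes; added only to the built-in defaults, not to a user-set gnutls-algorithm-priority` would record that as intentional. The enclosing binding form starts and ends outside this hunk.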