From: Jun-ya Kato <kato@win6.jp>
Date: Mon, 7 Jun 2021 00:52:14 +0000 (+0000)
Subject: ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
X-Git-Tag: curl-7_78_0~177
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3a298da5ee5bdc2199a819aa2a20df9b4d6268e;p=thirdparty%2Fcurl.git

ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS

The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
mode for middle box but it is enabled by default, which is unnecessary
for QUIC.

Fixes #6896
Closes #7202
---

diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 7f076759b8..d1cd63dfbe 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -86,7 +86,8 @@ struct h3out {
 #define QUIC_PRIORITY \
   "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
   "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
-  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1"
+  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
+  "%DISABLE_TLS13_COMPAT_MODE"
 #endif
 
 static CURLcode ng_process_ingress(struct Curl_easy *data,