gnutls: add PROFILE_MEDIUM as default

author Stefan Eissing <stefan@eissing.org>

Fri, 5 Dec 2025 14:38:12 +0000 (15:38 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 8 Dec 2025 10:34:48 +0000 (11:34 +0100)
author Stefan Eissing <stefan@eissing.org>
Fri, 5 Dec 2025 14:38:12 +0000 (15:38 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 8 Dec 2025 10:34:48 +0000 (11:34 +0100)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c

index 667b09c119fa6fbba8150e140d18dcf62534da77..c7f8f346739a427e1b374e24085839f18acb099a 100644 (file)
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -305,16 +305,17 @@ static gnutls_x509_crt_fmt_t gnutls_do_file_type(const char *type)
    return GNUTLS_X509_FMT_PEM; /* default to PEM */
  }
  
-#define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
+#define GNUTLS_CIPHERS "NORMAL:%PROFILE_MEDIUM:-ARCFOUR-128:"\
+  "-CTYPE-ALL:+CTYPE-X509"
  /* If GnuTLS was compiled without support for SRP it will error out if SRP is
     requested in the priority string, so treat it specially
   */
  #define GNUTLS_SRP "+SRP"
  
  #define QUIC_PRIORITY \
-  "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
-  "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
-  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
+  "NORMAL:%PROFILE_MEDIUM:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:" \
+  "+AES-256-GCM:+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:" \
+  "+GROUP-SECP256R1:+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
    "%DISABLE_TLS13_COMPAT_MODE"
  
  static CURLcode
author	Stefan Eissing <stefan@eissing.org>
	Fri, 5 Dec 2025 14:38:12 +0000 (15:38 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 8 Dec 2025 10:34:48 +0000 (11:34 +0100)