TLS: make GnuTLS priorities compatible with CentOS 7 and Debian 9
authorPetr Špaček <petr.spacek@nic.cz>
Thu, 18 Jan 2018 15:22:56 +0000 (16:22 +0100)
committerPetr Špaček <petr.spacek@nic.cz>
Thu, 18 Jan 2018 15:30:07 +0000 (16:30 +0100)
gnutls-3.3.26-9.el7.x86_64 and libgnutls30-3.5.8-5+deb9u3 do not support
the @SYSTEM keyword, and CentOS 7 has a problem with -VERS-DTLS-ALL.

We do not configure DTLS sockets so it should be harmless to delete
the DTLS keyword.

@SYSTEM is replaced by NORMAL, oh well.

fixup! TLS client: enforce minimal TLS version and no compression

daemon/tls.c

index 8a55feb6ff6f117478c2e769417c8dbf75776fbc..b8f286a3214b88a8a7c5684c09c7d9c70dd38205 100644 (file)
@@ -81,8 +81,7 @@ static int client_verify_certificate(gnutls_session_t tls_session);
  */
 static int kres_gnutls_set_priority(gnutls_session_t session) {
        static const char * const priorities =
-               "@SYSTEM:" /* GnuTLS system-wide settings */
-               "-VERS-DTLS-ALL:" /* we do not support DTLS yet */
+               "NORMAL:" /* GnuTLS defaults */
                "-VERS-TLS1.0:-VERS-TLS1.1:" /* TLS 1.2 and higher */
                "-COMP-ALL:+COMP-NULL"; /* no compression*/
        const char *errpos = NULL;
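Review bot: The floor promised by the `/* TLS 1.2 and higher */` line now depends on what `NORMAL` expands to on each target, because the string only subtracts TLS 1.0 and 1.1 from it. GnuTLS releases before 3.4 kept SSL 3.0 in their default priorities as far as I know, so on the 3.3.x build named in the commit message SSL 3.0 may stay enabled unless the distribution patched it out. Extending that line to `"-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:"` would make the floor explicit, after confirming that every targeted GnuTLS accepts the keyword. Dropping `@SYSTEM` also means a host-wide crypto policy is no longer applied where one exists, which is worth stating in the comment next to `"NORMAL:"`, e.g. `/* GnuTLS defaults; @SYSTEM is rejected by CentOS 7 / Debian 9 GnuTLS, so system policy is not applied */`. kres_gnutls_set_priority continues past the end of the hunk, so how a rejected priority string is handled is not visible here.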