diff options
author | Michael R Sweet <michael.r.sweet@gmail.com> | 2017-07-23 20:02:57 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2017-07-23 20:02:57 -0400 |
commit | 5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2 (patch) | |
tree | ee697ef941fa0a972771825b3791e61f68c0d851 /cups/tls-gnutls.c | |
parent | e7729c5a144d4ce1dded05ac18abee88d1d579f7 (diff) | |
download | cups-5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2.tar.gz |
Fix "DenyCBC" priority string with GNU TLS.
Diffstat (limited to 'cups/tls-gnutls.c')
-rw-r--r-- | cups/tls-gnutls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index 48bc11aa9..d77e20789 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1242,7 +1242,7 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ int status; /* Status of handshake */ gnutls_certificate_credentials_t *credentials; /* TLS credentials */ - char priority_string[1024]; + char priority_string[2048]; /* Priority string */ @@ -1519,7 +1519,7 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ strlcat(priority_string, ":!ANON-DH", sizeof(priority_string)); if (!(tls_options & _HTTP_TLS_DENY_CBC)) - strlcat(priority_string, ":!CBC", sizeof(priority_string)); + strlcat(priority_string, ":!AES-128-CBC:!AES-256-CBC:!CAMELLIA-128-CBC:!CAMELLIA-256-CBC:!3DES-CBC", sizeof(priority_string)); #ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT gnutls_priority_set_direct(http->tls, priority_string, NULL); |