Fix "DenyCBC" priority string with GNU TLS.

author: Michael R Sweet <michael.r.sweet@gmail.com> 2017-07-23 20:02:57 -0400
committer: Michael R Sweet <michael.r.sweet@gmail.com> 2017-07-23 20:02:57 -0400
commit: 5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2 (patch)
tree: ee697ef941fa0a972771825b3791e61f68c0d851 /cups/tls-gnutls.c
parent: e7729c5a144d4ce1dded05ac18abee88d1d579f7 (diff)
download: cups-5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 48bc11aa9..d77e20789 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1242,7 +1242,7 @@ _httpTLSStart(http_t *http)		/* I - Connection to server */
   int			status;		/* Status of handshake */
   gnutls_certificate_credentials_t *credentials;
 					/* TLS credentials */
-  char			priority_string[1024];
+  char			priority_string[2048];
 					/* Priority string */
 
 
@@ -1519,7 +1519,7 @@ _httpTLSStart(http_t *http)		/* I - Connection to server */
     strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
 
   if (!(tls_options & _HTTP_TLS_DENY_CBC))
-    strlcat(priority_string, ":!CBC", sizeof(priority_string));
+    strlcat(priority_string, ":!AES-128-CBC:!AES-256-CBC:!CAMELLIA-128-CBC:!CAMELLIA-256-CBC:!3DES-CBC", sizeof(priority_string));
 
 #ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
   gnutls_priority_set_direct(http->tls, priority_string, NULL);
author	Michael R Sweet <michael.r.sweet@gmail.com>	2017-07-23 20:02:57 -0400
committer	Michael R Sweet <michael.r.sweet@gmail.com>	2017-07-23 20:02:57 -0400
commit	5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2 (patch)
tree	ee697ef941fa0a972771825b3791e61f68c0d851 /cups/tls-gnutls.c
parent	e7729c5a144d4ce1dded05ac18abee88d1d579f7 (diff)
download	cups-5e59cd062f1e12cda4d955c09ea6da5cee8a7bc2.tar.gz