secur32: Use %LATEST_RECORD_VERSION gnutls priority.

It's based on [1], where it's reported to fix issues with older gnutls. I tested what client hello packages Windows reports for different sets of used protocol versions, and it always uses newest possible version. There may be a concern about not using SSL3 client hello, which still may negotiate newer protocol and was recommended for compatibility reasons, but it's known to be problematic the other way those days and recent gnutls won't use it by default anyway [2]. [1] http://us.battle.net/wow/en/forum/topic/20742995286?page=11 [2] 25ed275043 Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-03-28 12:42:05 +02:00 · 2016-03-28 12:42:05 +02:00 · f198b5a45a
parent 5e27e6b5d8
commit f198b5a45a
1 changed files with 1 additions and 1 deletions
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@ -160,7 +160,7 @@ DWORD schan_imp_enabled_protocols(void)
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
    gnutls_session_t *s = (gnutls_session_t*)session;
-    char priority[64] = "NORMAL", *p;
+    char priority[128] = "NORMAL:%LATEST_RECORD_VERSION", *p;
    unsigned i;

    int err = pgnutls_init(s, cred->credential_use == SECPKG_CRED_INBOUND ? GNUTLS_SERVER : GNUTLS_CLIENT);