On 04/25/2011 08:57 PM, Martin Lambers wrote: > Hi all, > > I have some trouble with priority strings since > gnutls_protocol_set_priority() is deprecated: > Both msmtp and mpop can pass user-specified priority strings to GnuTLS, > and both also provide the independent option to force SSLv3. > Up until now, I could specifiy the priority string with > gnutls_priority_set_direct() and subsequently use > gnutls_protocol_set_priority() to force SSLv3, and this worked as expected. > To avoid using a deprecated function, I now need to force SSLv3 by > extending a given priority string. > I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g. > "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still > results in other TLS versions being enabled. Apparently later entries do > not override previous entries. So how should this be done instead?
The way you describe is the correct one. If I try this priority string to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could it be that you overwrite the priorities by calling some other priority function later? regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
