Bugfix for TLS server sessions

2025-05-30 00:11:26 +00:00 · 2019-09-21 09:42:27 +01:00 · 2019-09-21 09:42:27 +01:00 · b3f5a3440d
commit b3f5a3440d
parent de9740cda4
2 changed files with 21 additions and 12 deletions
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1703,15 +1703,6 @@ retrieve_callback(gnutls_session_t session,
          str = nil;
        }

-#if GNUTLS_VERSION_NUMBER < 0x020C00
-      gnutls_set_default_priority(session);
-#else
-      /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
-       * renders it insecure.
-       */
-      gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
-#endif
-
      if (nil == str)
        {
          if ([pri isEqual: NSStreamSocketSecurityLevelNone] == YES)
@ -1758,15 +1749,28 @@ retrieve_callback(gnutls_session_t session,
 #else
              gnutls_priority_set_direct(session,
                "NORMAL:-VERS-SSL3.0:+VERS-TLS-ALL", NULL);
+#endif
+            }
+          else
+            {
+#if GNUTLS_VERSION_NUMBER < 0x020C00
+              gnutls_set_default_priority(session);
+#else
+              /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
+               * renders it insecure.
+               */
+              gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
 #endif
            }
        }
-#if GNUTLS_VERSION_NUMBER >= 0x020C00
      else
        {
+#if GNUTLS_VERSION_NUMBER >= 0x020C00
          gnutls_priority_set_direct(session, [str UTF8String], NULL);
-        }
+#else
+          gnutls_set_default_priority(session);
 #endif
+        }

      /* Set certificate credentials for this session.
       */