diff --git a/ChangeLog b/ChangeLog
index b257dc90f..e85a257ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2019-10-29  Wolfgang Lux  <wolfgang.lux@gmail.com>
+
+	* Source/GSTLS.m:
+	Fall back to a sane default if the TLS priority setting is invalid.
+
 2019-10-28  Wolfgang Lux  <wolfgang.lux@gmail.com>
 
 	* Source/GSSocketStream.m:
diff --git a/Source/GSTLS.m b/Source/GSTLS.m
index 88e6729da..b88174b70 100644
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@@ -1771,7 +1771,13 @@ retrieve_callback(gnutls_session_t session,
 	  /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
 	   * renders it insecure.
 	   */
-          gnutls_priority_set_direct(session, [str UTF8String], NULL);
+          const char *err_pos;
+          if (gnutls_priority_set_direct(session, [str UTF8String], &err_pos))
+            {
+              NSLog(@"Invalid GSTLSPriority: %s", err_pos);
+              NSLog(@"Falling back to NORMAL:-VERS-SSL3.0");
+              gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
+            }
 #endif
         }