Fall back to a sane default if the TLS priority setting is invalid.

2025-05-30 08:21:25 +00:00 · 2019-10-29 10:14:35 +01:00 · 2019-10-29 10:14:35 +01:00 · cc50c639ae
commit cc50c639ae
parent ebbe3f9081
2 changed files with 12 additions and 1 deletions
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1771,7 +1771,13 @@ retrieve_callback(gnutls_session_t session,
 	  /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
 	   * renders it insecure.
 	   */
-          gnutls_priority_set_direct(session, [str UTF8String], NULL);
+          const char *err_pos;
+          if (gnutls_priority_set_direct(session, [str UTF8String], &err_pos))
+            {
+              NSLog(@"Invalid GSTLSPriority: %s", err_pos);
+              NSLog(@"Falling back to NORMAL:-VERS-SSL3.0");
+              gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
+            }
 #endif
        }