added PFS to --secure-protocol

[wget] / src / gnutls.c

diff --git a/src/gnutls.c b/src/gnutls.c
index 0499a2502c742109ab78d513df44e596996b2ec5..ce61d065a4b96db110ce7dfc6ecf0e200c03c089 100644 (file)
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -442,6 +442,13 @@ ssl_connect_wget (int fd, const char *hostname)
     case secure_protocol_tlsv1:
       err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
       break;
+    case secure_protocol_pfs:
+#if defined (GNUTLS_VERSION_NUMBER) && GNUTLS_VERSION_NUMBER >= 0x030204
+      err = gnutls_priority_set_direct (session, "PFS", NULL);
+#else
+      err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
+#endif
+      break;
     default:
       abort ();
     }