case secure_protocol_tlsv1:
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
break;
+ case secure_protocol_pfs:
+ err = gnutls_priority_set_direct (session, "PFS", NULL);
+ if (err != GNUTLS_E_SUCCESS)
+ /* fallback if PFS is not available */
+ err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
+ break;
default:
abort ();
}