+2013-09-09 Tim Ruehsen <tim.ruehsen@gmx.de>
+
+ * gnutls.c (ssl_connect_wget): changed checking of option "PFS"
+ to be better prepared for some kinds of backports.
+ Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
2013-10-10 Giuseppe Scrivano <gscrivan@redhat.com>
* url.c (url_parse): Try to convert UTF-8 URLs to IDN.
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
break;
case secure_protocol_pfs:
- if (gnutls_check_version("3.2.4"))
- err = gnutls_priority_set_direct (session, "PFS", NULL);
- else
+ err = gnutls_priority_set_direct (session, "PFS", NULL);
+ if (err != GNUTLS_E_SUCCESS)
+ /* fallback if PFS is not available */
err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
break;
default: