Add %DUMBFW to the default GnuTLS priority strings

* lisp/net/gnutls.el (gnutls-boot-parameters): Add %DUMBFW to
the default priority strings (Bug#25061).

* etc/NEWS: Mention it.

* doc/misc/emacs-gnutls.texi (Help For Users): Point to the
GnuTLS priority string documentation URL.

diff --git a/doc/misc/emacs-gnutls.texi b/doc/misc/emacs-gnutls.texi
index 92846a924c504fbc238bc09eacb1ece5dc4100a9..1715c83a0d203a8eef39fdce6bfe32751c8b0008 100644 (file)
--- a/doc/misc/emacs-gnutls.texi
+++ b/doc/misc/emacs-gnutls.texi
@@ -116,9 +116,11 @@ information.
 The @code{gnutls-algorithm-priority} variable sets the GnuTLS priority
 string.  This is global, not per host name (although
 @code{gnutls-negotiate} supports a priority string per connection so
-it could be done if needed).  The priority string syntax is in the
+it could be done if needed).  For details see the
 @uref{https://www.gnu.org/software/gnutls/documentation.html, GnuTLS
-documentation}.
+documentation} and the
+@uref{https://gnutls.org/manual/html_node/Priority-Strings.html,
+GnuTLS priority string syntax and description}.
 @end defvar
 
 @defvar gnutls-trustfiles

diff --git a/etc/NEWS b/etc/NEWS
index 5324a0944eac3ec6cf9c85ae223368f2191746e5..8080e10c7e5550da03082fd952f2d506b52e5707 100644 (file)
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -431,6 +431,9 @@ You can enable this by customizing 'mwheel-tilt-scroll-p'.  If you
 want to reverse the direction of the scroll, customize
 'mwheel-flip-direction'.
 
++++
+** The default GnuTLS priority string now includes %DUMBFW.
+
 ** Emacsclient changes
 
 +++

diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 98f7b5855889a651a0d22a54bd5d12194444e873..a406b0b07fd513512c0b08885056f5aece1dd830 100644 (file)
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -217,7 +217,7 @@ For the meaning of the rest of the parameters, see `gnutls-boot-parameters'."
 
 TYPE is `gnutls-x509pki' (default) or `gnutls-anon'.  Use nil for the default.
 HOSTNAME is the remote hostname.  It must be a valid string.
-PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
+PRIORITY-STRING is as per the GnuTLS docs, default is based on \"NORMAL\".
 TRUSTFILES is a list of CA bundles.  It defaults to `gnutls-trustfiles'.
 CRLFILES is a list of CRL files.
 KEYLIST is an alist of (client key file, client cert file) pairs.
@@ -265,11 +265,11 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
         (priority-string (or priority-string
                              (cond
                               ((eq type 'gnutls-anon)
-                               "NORMAL:+ANON-DH:!ARCFOUR-128")
+                               "NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW")
                               ((eq type 'gnutls-x509pki)
                                (if gnutls-algorithm-priority
                                    (upcase gnutls-algorithm-priority)
-                                 "NORMAL")))))
+                                 "NORMAL:%DUMBFW")))))
         (verify-error (or verify-error
                           ;; this uses the value of `gnutls-verify-error'
                           (cond