resolved: fix connection failures with TLS 1.3 and GnuTLS
Prefer TLS 1.3 before TLS 1.2 for DNS-over-TLS support, otherwise servers compliant with RFC 8446 might end up agreeing TLS 1.2 plus a downgrade signal which is not expected by GnuTLS clients. This manifests in the following error:

  Failed to invoke gnutls_handshake: An illegal parameter has been received.

Fixes: #13528
Fixes: v242-962-g9c0624dcdb ("resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS")
parent cd8ad5965f
commit 6880558020
|
@ -10,7 +10,7 @@
|
|||
#include "resolved-dnstls.h"
|
||||
|
||||
#if GNUTLS_VERSION_NUMBER >= 0x030600
|
||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"
|
||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
|
||||
#else
|
||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
|
||||
#endif
|
||||
|
|
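Review bot: the replacement `#define` in the `GNUTLS_VERSION_NUMBER >= 0x030600` branch now relies on `+VERS-TLS1.3` appearing before `+VERS-TLS1.2`, but nothing in the source records that the order is significant, so a later cleanup could swap the entries back and reintroduce the "An illegal parameter has been received" handshake failure described in the commit message. Please add a short comment above the define stating that TLS 1.3 must be listed first and pointing at the RFC 8446 downgrade signal and issue #13528. Separately, the macro name `PRIORTY_STRING` is misspelled (it should presumably be `PRIORITY_STRING`); since both branches of the `#if` are in view here, a follow-up rename would be cheap.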