- diff --git a/settings.c b/settings.c
- index 2a847de..7e8cb94 100644
- --- a/settings.c
- +++ b/settings.c
- @@ -37,6 +37,7 @@ int browser_mode = XT_BM_NORMAL;
- int gui_mode = XT_GM_CLASSIC;
- int enable_localstorage = 1;
- char *statusbar_elems = NULL;
- +char *priorities = NULL;
- /* runtime settings */
- int show_tabs = 1; /* show tabs on notebook */
- @@ -353,6 +354,7 @@ struct settings rs[] = {
- { "enable_favicon_entry", XT_S_INT, 0, &enable_favicon_entry, NULL, NULL, NULL, set_enable_favicon_entry },
- { "enable_favicon_tabs", XT_S_INT, 0, &enable_favicon_tabs, NULL, NULL, NULL, set_enable_favicon_tabs },
- { "referer", XT_S_STR, 0, NULL, NULL,&s_referer, NULL, set_referer_rt },
- + { "priorities", XT_S_STR, XT_SF_RESTART,NULL, &priorities, NULL },
- /* font settings */
- { "cmd_font", XT_S_STR, 0, NULL, &cmd_font_name, NULL },
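Review bot: The new `priorities` row in `rs[]` carries no setter or validation callback, so a malformed priority string is accepted when the configuration is read. Judging by the xxxterm.c hunks, it is only reported when `start_tls` later hands it to `gnutls_priority_set_direct` for a connection. Consider parsing the value once at startup, for example with `gnutls_priority_init`, and reporting the error there, so a typo in the TLS policy fails early instead of per connection. A comment on the row such as `/* GnuTLS priority string, consumed by start_tls() */` would also help readers find where it is used. The layout of `struct settings` is outside this hunk, so where a validator would plug in needs confirming.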
- diff --git a/xxxterm.1 b/xxxterm.1
- index 0aaaed9..d1b8a62 100644
- --- a/xxxterm.1
- +++ b/xxxterm.1
- @@ -1196,6 +1196,17 @@ This is a plugin whitelist item.
- See
- .Cm cookie_wl
- for semantics and more details.
- +.It Cm priorities
- +Set priorities for ciphers, key exchange methods, macs and compression methods.
- +The default is
- +.Pa SECURE256 .
- +Consult
- +.Xr gnutls-cli 1
- +sub-section
- +.Sx TLS/SSL control options
- +for format.
- +.Nm gnutls-cli Fl l
- +lists supported algorithms and modes.
- .It Cm read_only_cookies
- Mark cookies file read-only and discard all cookies once the session is
- terminated.
- diff --git a/xxxterm.c b/xxxterm.c
- index ac2d335..3df8d93 100644
- --- a/xxxterm.c
- +++ b/xxxterm.c
- @@ -1577,6 +1577,7 @@ start_tls(const gchar **error_str, int s, gnutls_session_t *gs,
- gnutls_session_t gsession;
- int rv = 1;
- static gchar myerror[1024]; /* this is not thread safe */
- + const char *err;
- if (gs == NULL || xc == NULL)
- goto done;
- @@ -1590,7 +1591,25 @@ start_tls(const gchar **error_str, int s, gnutls_session_t *gs,
- GNUTLS_X509_FMT_PEM);
- gnutls_init(&gsession, GNUTLS_CLIENT);
- - gnutls_priority_set_direct(gsession, "PERFORMANCE", NULL);
- + if ((rv = gnutls_priority_set_direct(gsession, priorities,
- + &err)) < 0) {
- + if (rv == GNUTLS_E_INVALID_REQUEST)
- + snprintf(myerror, sizeof myerror, "priorities syntax"
- + " error at: %s", err);
- + else
- + snprintf(myerror, sizeof myerror,
- + "gnutls_priority_set_direct failed %d fatal %d %s",
- + rv,
- + gnutls_error_is_fatal(rv),
- +#if LIBGNUTLS_VERSION_MAJOR >= 2 && LIBGNUTLS_VERSION_MINOR >= 6
- + gnutls_strerror_name(rv));
- +#else
- + "GnuTLS version is too old to provide human"
- + " readable error");
- +#endif
- + stop_tls(gsession, xcred);
- + goto done;
- + }
- gnutls_credentials_set(gsession, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_transport_set_ptr(gsession, (gnutls_transport_ptr_t)(long)s);
- #ifdef __MINGW32__
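Review bot: `err` is declared without an initialiser in the previous hunk and is then passed to `%s` in the `GNUTLS_E_INVALID_REQUEST` branch, which relies on GnuTLS having stored an error position on every path that returns that code. Declaring it as `const char *err = NULL;` and printing `err ? err : "(unknown position)"` keeps the message well defined either way. Separately, the guard `LIBGNUTLS_VERSION_MAJOR >= 2 && LIBGNUTLS_VERSION_MINOR >= 6` is false for any 3.x release whose minor is below 6, so those builds fall through to the "too old" text. `#if LIBGNUTLS_VERSION_NUMBER >= 0x020600` expresses the intended minimum, and the same test sits in the handshake error path shown as context in the next hunk. `start_tls` begins and ends outside this hunk, so how `myerror` reaches `*error_str` at `done` is not visible here.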
- @@ -1606,12 +1625,20 @@ start_tls(const gchar **error_str, int s, gnutls_session_t *gs,
- #if LIBGNUTLS_VERSION_MAJOR >= 2 && LIBGNUTLS_VERSION_MINOR >= 6
- gnutls_strerror_name(rv));
- #else
- - "GNUTLS version is too old to provide human readable error");
- + "GnuTLS version is too old to provide human readable error");
- #endif
- stop_tls(gsession, xcred);
- goto done;
- }
- + DPRINTF("%s: cipher %s kx %s mac %s comp %s proto %s\n",
- + __func__,
- + gnutls_cipher_get_name(gnutls_cipher_get(gsession)),
- + gnutls_kx_get_name(gnutls_kx_get(gsession)),
- + gnutls_mac_get_name(gnutls_mac_get(gsession)),
- + gnutls_compression_get_name(gnutls_compression_get(gsession)),
- + gnutls_protocol_get_name(gnutls_protocol_get_version(gsession)));
- +
- gnutls_credentials_type_t cred;
- cred = gnutls_auth_get_type(gsession);
- if (cred != GNUTLS_CRD_CERTIFICATE) {
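Review bot: The `gnutls_*_get_name` calls in the new `DPRINTF` are documented to return NULL when the library has no name for the value, and passing NULL to `%s` is undefined behaviour even though some libcs print `(null)`. A small static helper that maps NULL to `"unknown"` and wraps each argument would make the debug line safe on every platform. The definition of `DPRINTF` is outside this diff, so this presumably only matters in debug builds. It would also help to add a comment such as `/* negotiated parameters, logged before certificate checks */` so readers do not take the line as evidence that the peer was verified.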
- @@ -7787,6 +7814,7 @@ main(int argc, char **argv)
- statusbar_elems = g_strdup("BP");
- spell_check_languages = g_strdup("en_US");
- encoding = g_strdup("UTF-8");
- + priorities = g_strdup("SECURE256");
- /* read config file */
- if (strlen(conf) == 0)
- diff --git a/xxxterm.conf b/xxxterm.conf
- index cc81ded..ceb133d 100644
- --- a/xxxterm.conf
- +++ b/xxxterm.conf
- @@ -59,6 +59,7 @@
- # enable_favicon_entry = 0
- # enable_favicon_tabs = 1
- # referer = always
- +# priorities = SECURE256
- # See http://www.xroxy.com/proxylist.php for a good list of open
- # proxies.
- diff --git a/xxxterm.h b/xxxterm.h
- index f546256..0d45222 100644
- --- a/xxxterm.h
- +++ b/xxxterm.h
- @@ -646,6 +646,7 @@ extern int enable_favicon_entry;
- extern int enable_favicon_tabs;
- extern int referer_mode;
- extern char *referer_custom;
- +extern char *priorities;
- /* globals */
- extern char *version;