From e0526d6ac7a2622a1b8781be4825fbef985a5ed3 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Wed, 12 Jul 2017 14:59:35 +0200
Subject: [PATCH] Remove TLS1.0 from default gnutls connection parameters

        * lisp/net/gnutls.el (gnutls-boot-parameters): Remove TLS1.0
	from default parameters.
	* src/gnutls.c (Fgnutls_boot): Likewise.
---
 lisp/net/gnutls.el | 4 ++--
 src/gnutls.c       | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 5db87329c3..3386dc5efc 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -264,11 +264,11 @@ gnutls-log-level
         (priority-string (or priority-string
                              (cond
                               ((eq type 'gnutls-anon)
-                               "NORMAL:+ANON-DH:!ARCFOUR-128")
+                               "NORMAL:+ANON-DH:!ARCFOUR-128:-VERS-TLS1.0")
                               ((eq type 'gnutls-x509pki)
                                (if gnutls-algorithm-priority
                                    (upcase gnutls-algorithm-priority)
-                                 "NORMAL")))))
+                                 "NORMAL:-VERS-TLS1.0")))))
         (verify-error (or verify-error
                           ;; this uses the value of `gnutls-verify-error'
                           (cond
diff --git a/src/gnutls.c b/src/gnutls.c
index 2078ad88f2..c3d7f54b73 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1333,7 +1333,7 @@ PROPLIST is a property list with the following keys:
 
 :hostname is a string naming the remote host.
 
-:priority is a GnuTLS priority string, defaults to "NORMAL".
+:priority is a GnuTLS priority string, defaults to "NORMAL:-VERS-TLS1.0".
 
 :trustfiles is a list of PEM-encoded trust files for `gnutls-x509pki'.
 
@@ -1389,7 +1389,7 @@ one trustfile (usually a CA bundle).  */)
   gnutls_certificate_credentials_t x509_cred = NULL;
   gnutls_anon_client_credentials_t anon_cred = NULL;
   Lisp_Object global_init;
-  char const *priority_string_ptr = "NORMAL"; /* default priority string.  */
+  char const *priority_string_ptr = "NORMAL:-VERS-TLS1.0"; /* default priority string.  */
   char *c_hostname;
 
   /* Placeholders for the property list elements.  */
-- 
2.13.0.rc0