Hi Daiki, Daiki Ueno <u...@gnu.org> skribis:
> Ludovic Courtès <l...@gnu.org> writes: > >> $ gnutls-cli >> --priority="NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:+VERS-TLS1.3" >> -p https bitbucket.org [...] >> Aren’t these two priority strings supposed to be equivalent today? > > No. If -VERS-TLS-ALL is used, the default priorities on TLS versions in > NORMAL are ignored; the user is responsible for building the priority > string so it reflects the actual preference, which in this case is: > > -VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0 Thanks for the explanations. As you suggest, the mistake was that cURL 7.77.0 would pass the priority string in the “wrong order”, preferring older TLS versions. This is now fixed: https://github.com/curl/curl/issues/7277 Ludo’.
