From c9eb9b282ebbc602466f3d5d92bac51a00ed91f6 Mon Sep 17 00:00:00 2001 From: Wouter Verhelst Date: Sun, 7 Apr 2024 12:38:33 +0200 Subject: [PATCH] Enable TLS1.3 by default Older versions of GnuTLS did not support TLS1.3, and so we couldn't update the version priority string to enable that by default, yet. This now seems to no longer be a problem, so enable support for TLS1.3 by default while still disallowing TLS1.1 and below. --- man/nbd-server.5.sgml.in | 2 +- nbd-server.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/nbd-server.5.sgml.in b/man/nbd-server.5.sgml.in index 1399cdb2..4d3a33a4 100644 --- a/man/nbd-server.5.sgml.in +++ b/man/nbd-server.5.sgml.in @@ -371,7 +371,7 @@ manpage.1: manpage.sgml - Optional; string; default NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE + Optional; string; default NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE This option allows to configure the GnuTLS priority string, which is used to select the algorithms which GnuTLS will allow to be negotiated with the client. The NBD diff --git a/nbd-server.c b/nbd-server.c index 1f7a09e4..41d09ff5 100644 --- a/nbd-server.c +++ b/nbd-server.c @@ -871,7 +871,7 @@ GArray* parse_cfile(gchar* f, struct generic_conf *const genconf, bool expect_ge memset(&genconftmp, 0, sizeof(struct generic_conf)); - genconftmp.tlsprio = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE"; + genconftmp.tlsprio = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE"; if (genconf) { /* Use the passed configuration values as defaults. The
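Review bot: The man page hunk documents the new default `NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE` but says nothing about the GnuTLS version it now requires; since the commit message itself states that older GnuTLS releases did not support TLS1.3, a build against such a release will get a default priority string containing a keyword its GnuTLS cannot parse, and the failure surfaces only at runtime. Add a sentence after the default stating the minimum GnuTLS release the default assumes, and that users on older libraries must set this option explicitly to a string without `+VERS-TLS1.3`. It would also help the reader to say what the default means in effect, namely that TLS1.2 and TLS1.3 are offered, TLS1.1 and below are refused, and `%SERVER_PRECEDENCE` makes the server's preference order win, which is the property the commit message promises.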
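Review bot: In the `nbd-server.c` hunk the default is a string literal assigned directly to `genconftmp.tlsprio`, and this patch has to edit the identical literal in `man/nbd-server.5.sgml.in` in lockstep; the two have already diverged once in the sense that the documented default was stale until this commit touched both. Suggest lifting the literal into a single `#define` (for example a `DEFAULT_TLS_PRIORITY` macro) next to the other defaults, assigning `genconftmp.tlsprio = DEFAULT_TLS_PRIORITY;`, and generating or cross-checking the man page text from it, so a future change to the version list cannot update the code without the documentation. Separately, because the only thing that changes here is a default that is validated when GnuTLS later parses it, it is worth confirming that the startup path reports a parse failure of the priority string clearly and refuses to run rather than silently proceeding without TLS; that behaviour is not visible in this hunk, so a note in the commit message or a short test would be enough.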