tls_priority: Remove ARCFOUR-40 from default exclusion list

Yorhel · Yorhel · commit 19ec1a8a5e2e · 2015-04-26T11:49:47.000+02:00
This cypher has been removed in GnuTLS 3.4, and thus causes connection
attempts to fail if it's still in the exclusion list. I very strongly
doubt that ARCFOUR-40 has ever been in the "NORMAL" cypher selection, so
this probably doesn't change anything.

GnuTLS 3.4 also by default excludes ARCFOUR-128 from the NORMAL
selection, but it doesn't hurt to keep that around for older versions.
diff --git a/src/vars.c b/src/vars.c
@@ -996,7 +996,7 @@ struct var_t {
   V(slots,            1,0, f_int,          p_int_ge1,       NULL,          NULL,         s_hubinfo,       "10")\
   V(sudp_policy,      1,0, f_sudp_policy,  p_sudp_policy,   su_sudp_policy,g_sudp_policy,s_sudp_policy,   G_STRINGIFY(VAR_SUDPP_PREFER))\
   V(tls_policy,       1,1, f_tls_policy,   p_tls_policy,    su_tls_policy, g_tls_policy, s_tls_policy,    G_STRINGIFY(VAR_TLSP_PREFER))\
-  V(tls_priority,     1,0, f_id,           p_tls_priority,  su_old,        NULL,         NULL,            "NORMAL:-ARCFOUR-40:-ARCFOUR-128")\
+  V(tls_priority,     1,0, f_id,           p_tls_priority,  su_old,        NULL,         NULL,            "NORMAL:-ARCFOUR-128")\
   V(ui_time_format,   1,0, f_id,           p_id,            su_old,        NULL,         NULL,            "[%H:%M:%S]")\
   V(upload_rate,      1,0, f_speed,        p_speed,         NULL,          NULL,         NULL,            NULL)
 
diff --git a/static/build.sh b/static/build.sh
@@ -28,8 +28,9 @@ ZLIB_VERSION=1.2.8
 BZIP2_VERSION=1.0.6
 SQLITE_VERSION=3080702
 GMP_VERSION=6.0.0
-NETTLE_VERSION=2.7.1
-GNUTLS_VERSION=3.3.10
+NETTLE_VERSION=3.1.1
+IDN_VERSION=1.30
+GNUTLS_VERSION=3.4.0
 NCURSES_VERSION=5.9
 GLIB_VERSION=2.43.1
 GEOIP_VERSION=1.6.3
@@ -175,6 +176,16 @@ getnettle() {
 }
 
 
+getidn() {
+  fem http://ftp.gnu.org/gnu/libidn/ libidn-$IDN_VERSION.tar.gz idn
+  prebuild idn || return
+  $srcdir/configure --prefix=$PREFIX --disable-nls --disable-valgrind-tests --disable-shared\
+    --enable-static --host=$HOST CPPFLAGS="-I$PREFIX/include" LDFLAGS="-L$PREFIX/lib" || exit
+  make install || exit
+  postbuild
+}
+
+
 getgnutls() {
   fem ftp://ftp.gnutls.org/gcrypt/gnutls/v${GNUTLS_VERSION%.*}/ gnutls-$GNUTLS_VERSION.tar.xz gnutls
   prebuild gnutls || return
@@ -187,8 +198,9 @@ getgnutls() {
   fi
   $srcdir/configure --prefix=$PREFIX --disable-gtk-doc-html --disable-shared --disable-silent-rules\
     --enable-static --disable-cxx --disable-srp-authentication --disable-openssl-compatibility\
-    --disable-guile --disable-crywrap --with-included-libtasn1 --without-p11-kit\
+    --disable-guile --disable-crywrap --with-included-libtasn1 --without-p11-kit --with-nettle-mini\
     --host=$HOST CPPFLAGS="-I$PREFIX/include" LDFLAGS="-L$PREFIX/lib" || exit
+  make || exit
   make -C gl install || exit
   make -C lib install || exit
   postbuild
@@ -283,6 +295,7 @@ allncdc() {
   getsqlite
   getgmp
   getnettle
+  getidn
   getgnutls
   getncurses
   getglib
