2 files changed, 17 insertions, 4 deletions

diff --git a/src/irc/irc-server.c b/src/irc/irc-server.c
index 549350c50..78175dc81 100644
--- a/src/irc/irc-server.c
+++ b/src/irc/irc-server.c
@@ -64,6 +64,17 @@ int check_away = 0;
 
 char *nick_modes = "aiwroOs";
 
+#ifdef HAVE_GNUTLS
+const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010700
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1,
+                                     GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
+#else
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
+                                     GNUTLS_SSL3, 0 };
+#endif
+#endif
+
 
 /*
  * server_init: init server struct with default values
@@ -1730,9 +1741,6 @@ server_connect (t_irc_server *server)
 {
     int child_pipe[2], set;
     pid_t pid;
-#ifdef HAVE_GNUTLS
-    const int cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-#endif
     
 #ifndef HAVE_GNUTLS
     if (server->ssl)
@@ -1790,7 +1798,8 @@ server_connect (t_irc_server *server)
             return 0;
         }
         gnutls_set_default_priority (server->gnutls_sess);
-        gnutls_certificate_type_set_priority (server->gnutls_sess, cert_type_prio);
+        gnutls_certificate_type_set_priority (server->gnutls_sess, gnutls_cert_type_prio);
+        gnutls_protocol_set_priority (server->gnutls_sess, gnutls_prot_prio);
         gnutls_credentials_set (server->gnutls_sess, GNUTLS_CRD_CERTIFICATE, gnutls_xcred);
         server->ssl_connected = 1;
     }
diff --git a/src/irc/irc.h b/src/irc/irc.h
index 25f608f54..8eb26cb4c 100644
--- a/src/irc/irc.h
+++ b/src/irc/irc.h
@@ -345,6 +345,10 @@ struct t_irc_ignore
 
 extern t_irc_command irc_commands[];
 extern t_irc_server *irc_servers;
+#ifdef HAVE_GNUTLS
+extern const int gnutls_cert_type_prio[];
+extern const int gnutls_prot_prio[];
+#endif
 extern t_irc_message *recv_msgq, *msgq_last_msg;
 extern int check_away;
 extern t_irc_dcc *dcc_list;