(1) Fixed the cipher preference order for GnuTLS client usage.

(2) Fixed a small bug in the runtest script.

2 files changed, 8 insertions, 4 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a12145aeb..32606ba91 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.47 2004/12/20 15:24:27 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.48 2004/12/21 09:26:31 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -203,6 +203,10 @@ Exim version 4.50
     contradicting the general specification for all authenticators. Instead it
     was generating a temporary error. It now behaves as specified.
 
+50. The default ordering of permitted cipher suites for GnuTLS was pessimal
+    (the order specifies the preference for clients). The order is now AES256,
+    AES128, 3DES, ARCFOUR128.
+
 
 Exim version 4.43
 -----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index ade383e42..9c9e43775 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.2 2004/11/25 10:26:04 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.3 2004/12/21 09:26:31 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -59,10 +59,10 @@ static const int kx_priority[16] = {
   0 };
 
 static int default_cipher_priority[16] = {
-  GNUTLS_CIPHER_ARCFOUR_128,
+  GNUTLS_CIPHER_AES_256_CBC,
   GNUTLS_CIPHER_AES_128_CBC,
   GNUTLS_CIPHER_3DES_CBC,
-  GNUTLS_CIPHER_ARCFOUR_40,
+  GNUTLS_CIPHER_ARCFOUR_128,
   0 };
 
 static int cipher_priority[16];