resolved: fix connection failures with TLS 1.3 and GnuTLS
author Peter Wu <peter@lekensteyn.nl>
Sun, 20 Oct 2019 17:10:31 +0000 (18:10 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 19 Nov 2019 09:13:12 +0000 (10:13 +0100)
commit a9152084d7e90ff78202eeb6e9e488d55e023620
tree 1f15b16fc78dc029728a1ec07e633312b4764120
parent 961879ed9ddb8fb014840c86bf0177772defd5ed
resolved: fix connection failures with TLS 1.3 and GnuTLS

Prefer TLS 1.3 before TLS 1.2 for DNS-over-TLS support, otherwise
servers compliant with RFC 8446 might end up agreeing TLS 1.2 plus a
downgrade signal which is not expected by GnuTLS clients. This manifests
in the following error:

    Failed to invoke gnutls_handshake: An illegal parameter has been received.

Fixes: #13528
Fixes: v242-962-g9c0624dcdb ("resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS")
(cherry picked from commit 68805580209cfaa50b2400d1a2e6c66500001395)
src/resolve/resolved-dnstls-gnutls.c
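
The "downgrade signal" named in the commit message is the ServerHello.random sentinel defined in RFC 8446 section 4.1.3, which a TLS 1.3-capable client must answer with an illegal_parameter alert. The following is an added example, not code from systemd or GnuTLS, that models that client-side check; the function and constant names are hypothetical and the random values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_1_2 0x0303 /* TLS wire version numbers */
#define TLS_1_3 0x0304
#define RANDOM_LEN 32

enum check_result { HANDSHAKE_OK = 0, ALERT_ILLEGAL_PARAMETER = 1 };

/* RFC 8446 section 4.1.3: last 8 bytes of ServerHello.random written by a
 * TLS 1.3-capable server that negotiates TLS 1.2, or TLS 1.1 and below. */
static const uint8_t SENTINEL_TLS12[8] = { 'D','O','W','N','G','R','D', 0x01 };
static const uint8_t SENTINEL_TLS11[8] = { 'D','O','W','N','G','R','D', 0x00 };

/* Hypothetical check: client_max is the highest version the client
 * supports, negotiated is the version the server selected. */
enum check_result check_downgrade(uint16_t client_max, uint16_t negotiated,
                                  const uint8_t srv_random[RANDOM_LEN])
{
    const uint8_t *tail = srv_random + RANDOM_LEN - 8;
    int s12 = memcmp(tail, SENTINEL_TLS12, 8) == 0;
    int s11 = memcmp(tail, SENTINEL_TLS11, 8) == 0;

    if (negotiated >= TLS_1_3)
        return HANDSHAKE_OK;            /* nothing was downgraded */
    if (client_max >= TLS_1_3 && (s12 || s11))
        return ALERT_ILLEGAL_PARAMETER; /* MUST for TLS 1.3 clients */
    if (client_max == TLS_1_2 && negotiated < TLS_1_2 && s11)
        return ALERT_ILLEGAL_PARAMETER; /* SHOULD for TLS 1.2 clients */
    return HANDSHAKE_OK;
}

/* Constructed ServerHello.random, optionally ending in a sentinel. */
void make_random(uint8_t out[RANDOM_LEN], const uint8_t *sentinel)
{
    for (int i = 0; i < RANDOM_LEN; i++)
        out[i] = (uint8_t)(0xA0 + i);
    if (sentinel)
        memcpy(out + RANDOM_LEN - 8, sentinel, 8);
}

int main(void)
{
    uint8_t r[RANDOM_LEN];
    make_random(r, SENTINEL_TLS12);
    printf("TLS 1.3 client, TLS 1.2 selected, sentinel present: %s\n",
           check_downgrade(TLS_1_3, TLS_1_2, r) ? "illegal_parameter" : "ok");
    return 0;
}
```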