diff -up librelp-1.10.0/src/tcp.c.crypto-compliance librelp-1.10.0/src/tcp.c

--- librelp-1.10.0/src/tcp.c.crypto-compliance	2021-02-16 09:07:24.000000000 +0100

+++ librelp-1.10.0/src/tcp.c	2021-08-17 10:13:53.368936612 +0200

@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()

 relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)

 {

 	int r;

-	char pristringBuf[4096];

-	char *pristring;

 	ENTER_RELPFUNC;

-	/* Set default priority string (in simple cases where the user does not care...) */

-	if(pThis->pristring == NULL) {

-		if (pThis->authmode == eRelpAuthMode_None) {

-			if(pThis->bEnableTLSZip) {

-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));

-			} else {

-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));

-			}

-			pristringBuf[sizeof(pristringBuf)-1] = '\0';

-			pristring = pristringBuf;

-			r = gnutls_priority_set_direct(pThis->session, pristring, NULL);

-		} else {

-			r = gnutls_set_default_priority(pThis->session);

-			strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));

-			pristringBuf[sizeof(pristringBuf)-1] = '\0';

-			pristring = pristringBuf;

-		}

-

-	} else {

-		pristring = pThis->pristring;

-		r = gnutls_priority_set_direct(pThis->session, pristring, NULL);

-	}

-

+	r = gnutls_set_default_priority(pThis->session);

 	if(r == GNUTLS_E_INVALID_REQUEST) {

 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);

 	} else if(r != GNUTLS_E_SUCCESS) {

@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const

 	}

 finalize_it:

-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);

+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);

 	if(iRet != RELP_RET_OK) {

 		chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);

@@ -1207,38 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS

 static relpRetVal LIBRELP_ATTR_NONNULL()

 relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)

 {

-	char pristringBuf[4096];

-	char *pristring;

 	ENTER_RELPFUNC;

-	/* Compute priority string (in simple cases where the user does not care...) */

-	if(pThis->pristring == NULL) {

-		if (pThis->authmode == eRelpAuthMode_None) {

-			#if OPENSSL_VERSION_NUMBER >= 0x10100000L \

-				&& !defined(LIBRESSL_VERSION_NUMBER)

-			 /* NOTE: do never use: +eNULL, it DISABLES encryption! */

-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",

-				sizeof(pristringBuf));

-			#else

-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",

-				sizeof(pristringBuf));

-			#endif

-		} else {

-			strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));

-		}

-		pristringBuf[sizeof(pristringBuf)-1] = '\0';

-		pristring = pristringBuf;

-	} else {

-		/* We use custom CipherString if used sets it by SslConfCmd */

-		pristring = pThis->pristring;

-	}

-	if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){

-		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);

+	if (SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0){

+		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");

 		ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);

 	}

 finalize_it:

-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);

+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);

 	LEAVE_RELPFUNC;

 }

 #else