GnuTLS priority string can be more compatible

x448 · web-flow · commit 6039f311e4b3 · 2020-04-20T09:37:04.000-05:00
Update GnuTLS priority string in rustup-init.sh so it 
can use TLS 1.2-1.3 without specifying TLS 1.3.

Resulting cipher suites and TLS versions enabled
are unchanged (TLS 1.2-1.3 if supported).

This may help avoid error (if any) on GnuTLS versions 
that don't have TLS 1.3 because the priority string seems 
unforgiving of unknown values.
diff --git a/rustup-init.sh b/rustup-init.sh
@@ -537,9 +537,9 @@ get_strong_ciphersuites_for() {
         # OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
         echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
     elif [ "$1" = "gnutls" ]; then
-        # GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't
+        # GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't.
         # Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
-        echo "SECURE128:-VERS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
+        echo "SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
     fi 
 }
 
