Please convert this application to use the system's crypto policy for SSL and TLS: https://fedoraproject.org/wiki/Packaging:CryptoPolicies If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority(). If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM". In both cases please verify that the application uses the system's crypto policies. If the package is already using the system-wide crypto policies, or it does not use SSL or TLS, no action is required, the bug can simply be closed.
danpb, can identify what actually needs to be done here? I think the only bit that might need changing is this line in qemu.git master: ui/vnc-tls.c: rc = gnutls_priority_set_direct(s, priority, NULL); But maybe your recent patches change that
My new TLS code for QEMU will invoke ret = gnutls_set_default_priority(session->handle); which will solve this.
That patch is upstream now. Will close this when the next qemu release is in rawhide
In rawhide now with qemu-2.5.0-rc1