From 0c3e11766c5c0eff7e4f6cb113c69e0deffa9b07 Mon Sep 17 00:00:00 2001
From: Henrik Lissner <henrik@lissner.net>
Date: Tue, 21 Apr 2020 17:08:34 -0400
Subject: [PATCH] Fix #2949: swap TLS 1.3 & 1.2 in gnutls-algorithm-priority

---
 core/core.el | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/core.el b/core/core.el
index 9a9b5d0db..5c93aa91b 100644
--- a/core/core.el
+++ b/core/core.el
@@ -196,11 +196,12 @@ users).")
 (setq gnutls-verify-error (not (getenv "INSECURE"))
       gnutls-algorithm-priority
       (when (boundp 'libgnutls-version)
-        (concat "SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2"
+        (concat "SECURE128:+SECURE192:-VERS-ALL"
                 (if (and (not IS-WINDOWS)
                          (not (version< emacs-version "26.3"))
                          (>= libgnutls-version 30605))
-                    ":+VERS-TLS1.3")))
+                    ":+VERS-TLS1.3")
+                ":+VERS-TLS1.2"))
       ;; `gnutls-min-prime-bits' is set based on recommendations from
       ;; https://www.keylength.com/en/4/
       gnutls-min-prime-bits 3072