#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#include <gnutls/gnutls.h>
/* Don't use known insecure algorithms. */ \
"SECURE" \
/* Lower priority of SHA-1, user better hashes if possible. */ \
- ":-SHA1:+SHA1"
+ ":-SHA1:+SHA1" \
+ /* Force safe renegotiations. Shouldn't cause any problems as this \
+ * option only affects the server side (with GnuTLS defaults) and the \
+ * local clients most-likely already support safe renegotiations (old \
+ * servers are therefore not an issue). */ \
+ ":%SAFE_RENEGOTIATION"
/* Proxy hostname and port if specified on the command line. */