bug#25061: consider adding %COMPAT to default gnutls priority string

[Ted Zlatanov]

On Sun, 10 Dec 2017 16:12:20 +0200 Eli Zaretskii <eliz@gnu.org> wrote: 

>> From: Ted Zlatanov <tzz@lifelogs.com>
>> Cc: wingo@igalia.com,  25061@debbugs.gnu.org,  ludo@gnu.org,  
>> michael.albinus@gmx.de,  larsi@gnus.org
>> Date: Sun, 10 Dec 2017 08:29:27 -0500
>> 
>> It would change behavior for everyone for the sake of fixing a few
>> setups. Does %DUMBFW or %COMPAT create a risk that's not justified by
>> the functionality it provides? These exceptions have a way of living
>> long past their expiration date.
>> 
>> If we're confident that's the right thing, then let's change it in the
>> release and add a note in the docs. I'm OK with the change; any other
>> comments? What should be the actual string?

EZ> You mean, should we use %COMPAT or %DUMBFW?  I think the latter.  But
EZ> if no one can reproduce the problem and verify the fix, I think we
EZ> should simply describe the problem in PROBLEMS and leave the code
EZ> intact.

The GnuTLS docs say it "will add a private extension with bogus data
that make the client hello exceed 512 bytes. This avoids a black hole
behavior in some firewalls. This is the [RFC7685] client hello padding
extension, also enabled with %COMPAT." 
https://gnutls.org/manual/html_node/Priority-Strings.html

To me this appears benign and without downsides.

Can anyone knowledgeable comment on any possible downsides to this? I'll
wait 3 days for objections, then make the change in emacs-26.

Thanks
Ted