Enable 3DES with GnuTLS With GnuTLS servers, 3DES-CBC cipher suites are enabled by default under our GNUTLS_LEGACY (3.3.8), but disabled by default under more recent versions including the one we use by default on the CI (3.4.6). Even modern versions (I checked 3.7.2) support 3DES if explicitly enabled. So unconditionally enable 3DES-CBC for GnuTLS. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 2ca5a68ad31497b280e3c7bf3cd70172574c4e08 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu May 30 15:14:40 2024 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu May 30 15:14:40 2024 +0200
tree: 14d54ee9739ec6f018b775bca93c8d038edfa74c
parent: d2c418932a0d77ec56d251b6f72334bca19542db [diff]
diff --git a/tests/compat.sh b/tests/compat.sh
index b4a3638..1d8dfe4 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh

@@ -1023,7 +1023,7 @@
     M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
     O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
     G_SERVER_ARGS="-p $PORT --http $G_MODE"
-    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+3DES-CBC:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
 
     # The default prime for `openssl s_server` depends on the version:
     # * OpenSSL <= 1.0.2a: 512-bit
commit	2ca5a68ad31497b280e3c7bf3cd70172574c4e08	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu May 30 15:14:40 2024 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu May 30 15:14:40 2024 +0200
tree	14d54ee9739ec6f018b775bca93c8d038edfa74c
parent	d2c418932a0d77ec56d251b6f72334bca19542db [diff]