openconnect/openconnect-6.00-no-ecdhe.patch

diff --git a/gnutls.c b/gnutls.c
index 13fb36c..1c1921f 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session)
 # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
 	"%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
 # if GNUTLS_VERSION_MAJOR >= 3
-#  define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
+#  define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
 #else
 #  define DEFAULT_PRIO _DEFAULT_PRIO
 # endif
@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 	} else {
 		prio = DEFAULT_PRIO;
 	}
-
 	err = gnutls_priority_set_direct(vpninfo->https_sess,
 					prio, NULL);
 	if (err) {