diff -Nru gnutls28-3.5.8/debian/changelog gnutls28-3.5.8/debian/changelog
--- gnutls28-3.5.8/debian/changelog 2017-06-13 17:19:05.000000000 +0000
+++ gnutls28-3.5.8/debian/changelog 2017-08-10 00:34:06.000000000 +0000
@@ -1,3 +1,11 @@
+gnutls28 (3.5.8-6ubuntu1.1) artful; urgency=medium
+
+ * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
+ OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
+ which includes TLS1.2 support. Closes: #857436 and LP: #1709193
+
+ -- Simon Deziel Thu, 10 Aug 2017 00:34:06 +0000
+
 gnutls28 (3.5.8-6ubuntu1) artful; urgency=medium
 
 * Merge with Debian. Remaining changes:
diff -Nru gnutls28-3.5.8/debian/patches/series gnutls28-3.5.8/debian/patches/series
--- gnutls28-3.5.8/debian/patches/series 2017-06-13 17:19:05.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/series 2017-08-10 00:32:28.000000000 +0000
@@ -14,3 +14,4 @@
 36_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-documented-.patch
 disable_global_init_override_test.patch
 add-openssl-test-link.patch
+use_normal_priority_for_openssl_sslv23.diff
diff -Nru gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff
--- gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff 2017-08-10 00:34:04.000000000 +0000
@@ -0,0 +1,28 @@
+Backport of:
+
+From 363056f7db6f61f818523888085638e85c6a81f7 Apr, 2 2017
+Description: Use NORMAL priority for SSLv23_*_method. Instead of
+ enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for SSLv23_*_methods.
+Author: Andreas Metzler
+Last-Update: 2017-04-02
+
+--- gnutls28-3.5.8.orig/extra/gnutls_openssl.c
++++ gnutls28-3.5.8/extra/gnutls_openssl.c
+@@ -483,7 +483,7 @@ SSL_METHOD *SSLv23_client_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+
+ m->connend = GNUTLS_CLIENT;
+
+@@ -498,7 +498,7 @@ SSL_METHOD *SSLv23_server_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+ m->connend = GNUTLS_SERVER;
+
+ return m;
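Review bot: Replacing the pinned string with `"NORMAL"` in SSLv23_client_method (and identically in SSLv23_server_method) changes more than the changelog's "includes TLS1.2 support": it also drops the explicit `+VERS-SSL3.0`, `+COMP-ALL` and the RSA/DHE-only key-exchange list, so the versions and ciphers a wrapper user negotiates now follow whatever the linked GnuTLS defines as NORMAL. If NORMAL in this GnuTLS release excludes SSL 3.0 (likely, but not visible here), peers limited to SSL 3.0 will stop connecting through the wrapper; that is the safer default, but it should be stated in the patch Description. I would add a comment above each `strcpy`, e.g. `/* SSLv23_* = "negotiate best available": defer to GnuTLS NORMAL instead of pinning versions/ciphers here */`, and a test asserting that an SSLv23 client completes a TLS1.2-only handshake. Both function bodies start and end outside the hunks, so the size of `m->priority_string` cannot be checked from here; the new literal is shorter than the one it replaces.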