diff -Nru gnutls28-3.4.10/debian/changelog gnutls28-3.4.10/debian/changelog
--- gnutls28-3.4.10/debian/changelog 2017-06-12 09:32:37.000000000 -0400
+++ gnutls28-3.4.10/debian/changelog 2017-08-09 19:44:36.000000000 -0400
@@ -1,3 +1,11 @@
+gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium
+
+ * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
+ OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
+ which includes TLS1.2 support. Closes: #857436 and LP: #1709193
+
+ -- Simon Deziel Mon, 07 Aug 2017 23:04:43 +0000
+
 gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium

 * SECURITY UPDATE: null pointer dereference via status response TLS
diff -Nru gnutls28-3.4.10/debian/patches/series gnutls28-3.4.10/debian/patches/series
--- gnutls28-3.4.10/debian/patches/series 2017-06-12 09:32:30.000000000 -0400
+++ gnutls28-3.4.10/debian/patches/series 2017-08-09 19:44:09.000000000 -0400
@@ -16,3 +16,4 @@
 CVE-2017-7507-1.patch
 CVE-2017-7507-2.patch
 CVE-2017-7507-3.patch
+use_normal_priority_for_openssl_sslv23.diff
diff -Nru gnutls28-3.4.10/debian/patches/use_normal_priority_for_openssl_sslv23.diff gnutls28-3.4.10/debian/patches/use_normal_priority_for_openssl_sslv23.diff
--- gnutls28-3.4.10/debian/patches/use_normal_priority_for_openssl_sslv23.diff 1969-12-31 19:00:00.000000000 -0500
+++ gnutls28-3.4.10/debian/patches/use_normal_priority_for_openssl_sslv23.diff 2017-08-09 19:43:05.000000000 -0400
@@ -0,0 +1,28 @@
+Backport of:
+
+From 363056f7db6f61f818523888085638e85c6a81f7 Apr, 2 2017
+Description: Use NORMAL priority for SSLv23_*_method. Instead of
+ enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for SSLv23_*_methods.
+Author: Andreas Metzler
+Last-Update: 2017-04-02
+
+--- gnutls28-3.4.10.orig/extra/gnutls_openssl.c
++++ gnutls28-3.4.10/extra/gnutls_openssl.c
+@@ -483,7 +483,7 @@ SSL_METHOD *SSLv23_client_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+
+ m->connend = GNUTLS_CLIENT;
+
+@@ -498,7 +498,7 @@ SSL_METHOD *SSLv23_server_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+ m->connend = GNUTLS_SERVER;
+
+ return m;
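Review bot: The patch header and changelog describe this only as gaining TLS 1.2, but in both inner hunks (SSLv23_client_method and SSLv23_server_method) replacing the explicit list with `"NORMAL"` also stops requesting `+VERS-SSL3.0`, `+COMP-ALL`, `+CIPHER-ALL` and `+MAC-ALL`, so the protocol floor, compression and cipher selection now follow whatever defaults this 3.4.10 build gives NORMAL. That is very likely the safer outcome, since the old string explicitly enabled SSL 3.0 and TLS compression, but in a stable-release update it is a behaviour change for applications using the OpenSSL compatibility wrapper against SSL 3.0-only peers, and the Description should say so. I would add a comment above each call, e.g. `/* SSLv23_* means "negotiate the best common version": defer to the GnuTLS NORMAL defaults instead of pinning TLS1.0/SSL3.0 */`, and add `Bug-Debian: https://bugs.debian.org/857436` and `Bug-Ubuntu: https://launchpad.net/bugs/1709193` to the DEP-3 header so the patch is traceable without the changelog. Both function bodies start outside the quoted hunks, so the declared size of `priority_string` and the other `*_method` constructors in gnutls_openssl.c are not visible here; it is worth confirming that none of them was meant to change too.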