diff --git a/NEWS b/NEWS index 9c57b0a1..a3414000 100644 --- a/NEWS +++ b/NEWS @@ -21,9 +21,9 @@ Incompatibilities: Other changes: * critical bug 1071: Fix crash in get_dom_node_child. -* Debian bug 528661: If using GNUTLS, disable various TLS extensions - (including CERT and SERVERNAME) to help handshaking with the - SSLv3-only bugzilla.novell.com. +* Debian bug 528661: If using GNUTLS 2.1.7 or later, disable various + TLS extensions (including CERT and SERVERNAME) to help handshaking + with the SSLv3-only bugzilla.novell.com. * Debian build bug 526349: Include asciidoc.py from AsciiDoc 7.1.2, to remove all dependencies on the installed version. * build enhancement: Recognize ``configure --without-tre''. diff --git a/configure.in b/configure.in index f1b2574b..484602c8 100644 --- a/configure.in +++ b/configure.in 
@@ -1098,23 +1098,35 @@ else GNUTLS_LIBS=`pkg-config --libs gnutls` AC_MSG_RESULT([[yes: $GNUTLS_CFLAGS $GNUTLS_LIBS]]) - # Verify if it's really usable. gnutls_session was - # renamed to gnutls_session_t before GNU TLS 1.2.0 - # (on 2004-06-13); ELinks now requires this. - AC_MSG_CHECKING([[whether GNUTLS can be linked with]]) EL_SAVE_FLAGS LIBS="$GNUTLS_LIBS $LIBS" CFLAGS="$CFLAGS $GNUTLS_CFLAGS" CPPFLAGS="$CPPFLAGS $GNUTLS_CFLAGS" + + # Verify if it's really usable. gnutls_session was + # renamed to gnutls_session_t before GNU TLS 1.2.0 + # (on 2004-06-13); ELinks now requires this. + AC_MSG_CHECKING([[whether GNUTLS can be linked with]]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[gnutls_session_t dummy; - gnutls_check_version(NULL)]])], + gnutls_check_version(NULL)]])], [cf_result=yes], [cf_result=no]) + AC_MSG_RESULT([[$cf_result]]) + + if test "$cf_result" = yes; then + # According to gnutls/NEWS, the function was originally + # added as gnutls_set_default_priority2 in GNUTLS 2.1.4 + # (released 2007-10-27) and then renamed to + # gnutls_priority_set_direct in GNUTLS 2.1.7 (released + # 2007-11-29). + AC_CHECK_FUNCS([gnutls_priority_set_direct]) + fi + EL_RESTORE_FLAGS + else + AC_MSG_RESULT([[$cf_result]]) fi - # This can match either AC_MSG_CHECKING above. A bit hacky... - AC_MSG_RESULT([[$cf_result]]) if test "$cf_result" = yes; then EL_CONFIG(CONFIG_GNUTLS, [GNUTLS]) diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c index 1da8f454..8f3e7e51 100644 --- a/src/network/ssl/ssl.c +++ b/src/network/ssl/ssl.c 
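Review bot: The comment above `AC_CHECK_FUNCS([gnutls_priority_set_direct])` records when the function appeared but not what a negative result means for the build. Going by the ssl.c change in this same commit, a missing function makes ELinks fall back to `gnutls_set_default_priority`, so the TLS setup differs between the two builds. A line such as `# If it is missing, ssl.c falls back to gnutls_set_default_priority.` would tell packagers why the check matters. An `AC_MSG_WARN` in the not-found action of `AC_CHECK_FUNCS` would also make the fallback visible in the configure output. The enclosing `if`/`else` begins before this hunk.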
@@ -255,12 +255,15 @@ init_ssl_connection(struct socket *socket) return S_SSL_ERROR; } +#ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT if (gnutls_priority_set_direct(*state, "NORMAL:-CTYPE-OPENPGP", NULL)) { gnutls_deinit(*state); mem_free(state); return S_SSL_ERROR; } - /* gnutls_set_default_priority(*state); */ +#else + gnutls_set_default_priority(*state); +#endif /* gnutls_handshake_set_private_extensions(*state, 1); */ gnutls_cipher_set_priority(*state, cipher_priority); gnutls_kx_set_priority(*state, kx_priority);
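Review bot: The `#else` fallback calls `gnutls_set_default_priority(*state);` and discards its int result, while the `HAVE_GNUTLS_PRIORITY_SET_DIRECT` branch just above treats a non-zero return as fatal and releases the session. Handling both the same way keeps a partly configured session from reaching the handshake on older GnuTLS: store the result in a local in each branch, e.g. `rc = gnutls_set_default_priority(*state);`, and run the existing `gnutls_deinit`/`mem_free`/`return S_SSL_ERROR` cleanup once after `#endif` when `rc` is non-zero. The fallback also deserves a comment such as `/* No gnutls_priority_set_direct: the "-CTYPE-OPENPGP" restriction is not applied on this path. */`, because the two builds configure the session differently. init_ssl_connection starts and ends outside this hunk, so the declaration of `rc` would sit with its other locals.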