SSL3 is disabled by default in GnuTLS 3.4.0 and later. Therefore we no longer need to explicitly include that in our default priority strings.
Seems to work well. The new default is just "NORMAL" and yet SSL 3 is still rejected (tested with openssl s_client):
> 2019-12-02 10:01:43 ERROR tlwebadm: [::ffff:10.47.1.240] gnutls_handshake: A packet with illegal or unsupported version was received.
Note though that migrating configuration will leave the old value in place. It doesn't seem to do any damage though. No warnings in the logs, and SSL 3 is still disabled.
Tested on RHEL 8.
Verified with 'openssl s_client' using Fedora 30 client/server. It gives the same output in the tlwebadm.log:
> 2019-12-02 16:18:10 ERROR tlwebadm: [::1] gnutls_handshake: A packet with illegal or unsupported version was received.