gnutls_priority_init2(3) gnutls gnutls_priority_init2(3)
NAME
gnutls_priority_init2 - API function
SYNOPSIS
#include <gnutls/gnutls.h>
int gnutls_priority_init2(gnutls_priority_t * priority_cache, const
char * priorities, const char ** err_pos, unsigned flags);
ARGUMENTS
gnutls_priority_t * priority_cache
is a gnutls_priority_t type.
const char * priorities
is a string describing priorities (may be NULL)
const char ** err_pos
In case of an error this will have the position in the
string the error occurred
unsigned flags
zero or GNUTLS_PRIORITY_INIT_DEF_APPEND
DESCRIPTION
Sets priorities for the ciphers, key exchange methods, and macs. The
priority_cache should be deinitialized using gnutls_priority_deinit().
The priorities option allows you to specify a colon separated list of
the cipher priorities to enable. Some keywords are defined to provide
quick access to common preferences.
When flags is set to GNUTLS_PRIORITY_INIT_DEF_APPEND then the priori-
ties specified will be appended to the default options.
Unless there is a special need, use the "NORMAL" keyword to apply a
reasonable security level, or "NORMAL:%COMPAT" for compatibility.
"PERFORMANCE" means all the "secure" ciphersuites are enabled, limited
to 128 bit ciphers and sorted by terms of speed performance.
"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is no
verification profile set, and the allowed DH primes are considered weak
today.
"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are in-
cluded as a fallback only. The ciphers are sorted by security margin.
"PFS" means all "secure" ciphersuites that support perfect forward se-
crecy. The 256-bit ciphers are included as a fallback only. The ci-
phers are sorted by security margin.
"SECURE128" means all "secure" ciphersuites of security level 128-bit
or more.
"SECURE192" means all "secure" ciphersuites of security level 192-bit
or more.
"SUITEB128" means all the NSA SuiteB ciphersuites with security level
of 128.
"SUITEB192" means all the NSA SuiteB ciphersuites with security level
of 192.
"NONE" means nothing is enabled. This disables everything, including
protocols.
"@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.
The provided keyword(s) will be expanded from a configuration-time pro-
vided file - default is: /etc/gnutls/config. Any attributes that fol-
low it, will be appended to the expanded string. If multiple keywords
are provided, separated by commas, then the first keyword that exists
in the configuration file will be used. At least one of the keywords
must exist, or this function will return an error. Typical usage would
be to specify an application specified keyword first, followed by "SYS-
TEM" as a default fallback. e.g., " LIBVIRT ,SYSTEM:!-VERS-SSL3.0" will
first try to find a config file entry matching "LIBVIRT", but if that
does not exist will use the entry for "SYSTEM". If "SYSTEM" does not
exist either, an error will be returned. In all cases, the SSL3.0 pro-
tocol will be disabled. The system priority file entries should be for-
matted as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:+ARCFOUR-128".
Special keywords are "!", "-" and "+". "!" or "-" appended with an al-
gorithm will remove this algorithm. "+" appended with an algorithm
will add this algorithm.
Check the GnuTLS manual section "Priority strings" for detailed infor-
mation.
EXAMPLES
"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.
"SECURE128:-VERS-SSL3.0" means that only secure ciphers are and en-
abled, SSL3.0 is disabled.
"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
"NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",
"SECURE256:+SECURE128",
Note that "NORMAL:%COMPAT" is the most compatible mode.
A NULL priorities string indicates the default priorities to be used
(this is available since GnuTLS 3.3.0).
RETURNS
On syntax error GNUTLS_E_INVALID_REQUEST is returned, GNUTLS_E_SUCCESS
on success, or an error code.
SINCE
3.6.3
REPORTING BUGS
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
COPYRIGHT
Copyright © 2001- Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright no-
tice and this notice are preserved.
SEE ALSO
The full documentation for gnutls is maintained as a Texinfo manual.
If the /usr/share/doc/gnutls/ directory does not contain the HTML form
visit
https://www.gnutls.org/manual/
gnutls 3.7.3 gnutls_priority_init2(3)
Generated by dwww version 1.14 on Sun Dec 29 18:28:15 CET 2024.