|
gnutls_priority_init — API function
#include <gnutls/gnutls.h>
int
gnutls_priority_init( |
gnutls_priority_t * priority_cache, |
const char * priorities, | |
const char ** err_pos) ; |
is a gnutls_prioritity_t structure.
is a string describing priorities
In case of an error this will have the position in the string the error occured
Sets priorities for the ciphers, key exchange methods, macs and compression methods.
The priorities
option allows you to specify a colon separated list of the
cipher priorities to enable. Some keywords are defined to
provide quick access to common preferences.
Unless there is a special need, using "NORMAL" or
"NORMAL:COMPAT
" for
compatibility is recommended.
"PERFORMANCE" means all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.
"NORMAL" means all "secure" ciphersuites. The 256−bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
"PFS" means all "secure" ciphersuites that support perfect forward secrecy. The 256−bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
"SECURE128" means all "secure" ciphersuites of security level 128−bit or more.
"SECURE192" means all "secure" ciphersuites of security level 192−bit or more.
"SUITEB128" means all the NSA SuiteB ciphersuites with security level of 128.
"SUITEB192" means all the NSA SuiteB ciphersuites with security level of 192.
"EXPORT" means all ciphersuites are enabled, including the low−security 40 bit ciphers.
"NONE" means nothing is enabled. This disables even protocols and compression methods.
Special keywords are "!", "−" and "+". "!" or "−" appended with an algorithm will remove this algorithm. "+" appended with an algorithm will add this algorithm.
Check the GnuTLS manual section "Priority strings" for detailed information.
"NONE:+VERS−TLS−ALL:+MAC−ALL:+RSA:+AES−128−CBC:+SIGN−ALL:+COMP−NULL"
"NORMAL:−ARCFOUR−128" means normal ciphers except for ARCFOUR−128.
"SECURE128:−VERS−SSL3.0:+COMP−DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression enabled.
"NONE:+VERS−TLS−ALL:+AES−128−CBC:+RSA:+SHA1:+COMP−NULL:+SIGN−RSA−SHA1",
"NONE:+VERS−TLS−ALL:+AES−128−CBC:+ECDHE−RSA:+SHA1:+COMP−NULL:+SIGN−RSA−SHA1:+CURVE−SECP256R1",
"SECURE256:+SECURE128",
Note that "NORMAL:COMPAT
" is
the most compatible mode.
On syntax error GNUTLS_E_INVALID_REQUEST is returned, GNUTLS_E_SUCCESS on success, or an error code.
Report bugs to <bug-gnutls@gnu.org>.
General guidelines for reporting bugs: http://www.gnu.org/gethelp/
GnuTLS home page: http://www.gnu.org/software/gnutls/
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual. As an alternative you may obtain the manual from:
COPYRIGHT |
---|
Copyright © 2001-2013 Free Software Foundation, Inc.. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. |