Rechercher une page de manuel
gnutls_priority_init
Langue: en
Version: 2.6.6 (fedora - 06/07/09)
Section: 3 (Bibliothèques de fonctions)
Sommaire
NAME
gnutls_priority_init - Sets priorities for the cipher suites supported by gnutls.SYNOPSIS
#include <gnutls/gnutls.h>int gnutls_priority_init(gnutls_priority_t * priority_cache, const char * priorities, const char ** err_pos);
ARGUMENTS
- gnutls_priority_t * priority_cache
- is a gnutls_prioritity_t structure.
- const char * priorities
- is a string describing priorities
- const char ** err_pos
- In case of an error this will have the position in the string the error occured
DESCRIPTION
Sets priorities for the ciphers, key exchange methods, macs and compression methods. This is to avoid using the gnutls_*_priority() functions.The priorities option allows you to specify a semi-colon separated list of the cipher priorities to enable.
Unless the first keyword is "NONE" the defaults are:
PROTOCOLS
TLS1.1, TLS1.0, and SSL3.0.COMPRESSION
NULL.CERTIFICATE TYPES
X.509, OpenPGP.YOU CAN ALSO USE PREDEFINED SETS OF CIPHERSUITES
"PERFORMANCE" all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance."NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
"SECURE128" flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
"SECURE256" flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
"EXPORT" all the ciphersuites are enabled, including the low-security 40 bit ciphers.
"NONE" nothing is enabled. This disables even protocols and compression methods.
SPECIAL KEYWORDS
"!" or "-" appended with an algorithm will remove this algorithm. "+" appended with an algorithm will add this algorithm. "COMPAT" will enable compatibility features for a server. "SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions with "VERS-" and certificate types with "CTYPE-". All other algorithms don't need a prefix.
For key exchange algorithms when in NORMAL or SECURE levels the perfect forward secrecy algorithms take precendence of the other protocols. In all cases all the supported key exchange algorithms are enabled (except for the RSA-EXPORT which is only enabled in EXPORT level).
Note that although one can select very long key sizes (such as 256 bits) for symmetric algorithms, to actually increase security the public key algorithms have to use longer key sizes as well.
EXAMPLES
"NORMAL:!AES-128-CBC", "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP", "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL", "NORMAL:COMPAT".For all the current available algorithms and protocols use "gnutls-cli -l" to get a listing.
RETURNS
On syntax error GNUTLS_E_INVALID_REQUEST is returned, GNUTLS_E_SUCCESS on success, or an error code.REPORTING BUGS
Report bugs to <bug-gnutls@gnu.org>.COPYRIGHT
Copyright © 2008 Free Software Foundation.Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies.
SEE ALSO
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command- info gnutls
should give you access to the complete manual.
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre