gnutls_priority_init(3)             gnutls             gnutls_priority_init(3)

NAME

       gnutls_priority_init - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int gnutls_priority_init(gnutls_priority_t * priority_cache, const char
       * priorities, const char ** err_pos);

ARGUMENTS

       gnutls_priority_t * priority_cache
                   is a gnutls_priority_t structure.

       const char * priorities
                   is a string describing priorities (may be NULL)

       const char ** err_pos
                   In case of an error this will hold the position in the
                   string where the error occurred

DESCRIPTION

       Sets priorities for the ciphers, key exchange methods, MACs and
       compression methods.

       The priorities option allows you to specify a colon separated list of
       the cipher priorities to enable. Some keywords are defined to provide
       quick access to common preferences.

       Unless there is a special need, use the "NORMAL" keyword to apply a
       reasonable security level, or "NORMAL:COMPAT" for compatibility.

       "PERFORMANCE" means all the "secure" ciphersuites are enabled, limited
       to 128 bit ciphers and sorted in terms of speed performance.

       "LEGACY" means the NORMAL settings for GnuTLS 3.2.x or earlier. There
       is no verification profile set, and the allowed DH primes are
       considered weak today.

       "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
       included as a fallback only. The ciphers are sorted by security margin.

       "PFS" means all "secure" ciphersuites that support perfect forward
       secrecy. The 256-bit ciphers are included as a fallback only. The
       ciphers are sorted by security margin.

       "SECURE128" means all "secure" ciphersuites of security level 128-bit
       or more.

       "SECURE192" means all "secure" ciphersuites of security level 192-bit
       or more.

       "SUITEB128" means all the NSA SuiteB ciphersuites with security level
       of 128.

       "SUITEB192" means all the NSA SuiteB ciphersuites with security level
       of 192.

       "EXPORT" means all ciphersuites are enabled, including the low-security
       40 bit ciphers.

       "NONE" means nothing is enabled. This disables even protocols and
       compression methods.

       "@KEYWORD" The system administrator imposed settings. The provided
       keywords will be expanded from a configuration-time provided file -
       default is: /etc/gnutls/default-priorities. Any keywords that follow
       it will be appended to the expanded string. If there is no system
       string, then the function will fail. The system file should be
       formatted as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:-ARCFOUR-128".

       Special keywords are "!", "-" and "+". "!" or "-" followed by an
       algorithm name removes that algorithm. "+" followed by an algorithm
       name adds that algorithm.

       Check the GnuTLS manual section "Priority strings" for detailed
       information.

EXAMPLES

       "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"

       "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.

       "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers
       are enabled, SSL3.0 is disabled, and libz compression is enabled.

       "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",

       "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",

       "SECURE256:+SECURE128",

       Note that "NORMAL:COMPAT" is the most compatible mode.

       A NULL priorities string indicates the default priorities to be used
       (this is available since GnuTLS 3.3.0).
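
       A pre-flight check for operator-supplied priority strings, added here
       as an example that is not part of the GnuTLS documentation or code
       base: it walks the colon separated list left to right and reports the
       EXPORT and LEGACY keywords plus any listed algorithm that is still
       added at the end of the string. The names audit_priority, PRIO_* and
       weak_algs are assumptions of this example, and matching is
       case-insensitive so that a differently cased keyword is not missed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Flag and list names are this example's own, not GnuTLS identifiers. */
enum { PRIO_EXPORT = 1, PRIO_LEGACY = 2, PRIO_WEAK_ADDED = 4 };
/* Assumption: algorithms reported when explicitly added with "+". */
static const char *const weak_algs[] = { "ARCFOUR-128", "VERS-SSL3.0" };
#define N_WEAK (sizeof weak_algs / sizeof weak_algs[0])

/* Case-insensitive match of a token of length len against a name. */
static int tok_is(const char *tok, size_t len, const char *name)
{
    return strlen(name) == len && strncasecmp(tok, name, len) == 0;
}

/* Walk the colon separated list left to right: "+X" adds X, "-X" or "!X"
 * removes X, anything else is a keyword. Returns a bit mask of findings. */
int audit_priority(const char *prio)
{
    int flags = 0, added[N_WEAK] = { 0 };
    if (prio == NULL) return 0;     /* NULL selects the default priorities */
    for (const char *p = prio; ; ) {
        size_t len = strcspn(p, ":");
        if (len > 0 && (*p == '+' || *p == '-' || *p == '!')) {
            for (size_t i = 0; i < N_WEAK; i++)
                if (tok_is(p + 1, len - 1, weak_algs[i]))
                    added[i] = (*p == '+');   /* a later removal clears it */
        } else if (tok_is(p, len, "EXPORT")) {
            flags |= PRIO_EXPORT;   /* includes 40 bit ciphers */
        } else if (tok_is(p, len, "LEGACY")) {
            flags |= PRIO_LEGACY;   /* weak DH primes, no verification profile */
        }
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    for (size_t i = 0; i < N_WEAK; i++)
        flags |= added[i] ? PRIO_WEAK_ADDED : 0;
    return flags;
}

int main(void)
{
    /* Constructed sample strings, not taken from a real configuration. */
    const char *s[] = { "NORMAL:-ARCFOUR-128", "EXPORT", "NORMAL:+VERS-SSL3.0" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-22s -> 0x%x\n", s[i], (unsigned)audit_priority(s[i]));
    return 0;
}
```

       A keyword that is expanded from the system file must be audited in its
       expanded form, since this check sees only the literal string.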

RETURNS

       On syntax error GNUTLS_E_INVALID_REQUEST is returned, GNUTLS_E_SUCCESS
       on success, or an error code.

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2014 Free Software Foundation, Inc.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       http://www.gnutls.org/manual/

gnutls                              3.3.29             gnutls_priority_init(3)