priority: be backwards compatible with priority strings starting with NONEtmp-be-backwards-compatible-with-prio

That is, we allow priority strings which do not enable any groups to
work, by disabling TLS1.3. For example
'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
is still operational, but no TLS1.3 is enabled when specified.

Resolves: #549

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 9a4cf29933..c7a87a5a22 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1185,10 +1185,10 @@ verification profile.
 Means nothing is enabled.  This disables even protocol versions.
 It should be followed by the algorithms to be enabled. Note that
 using this option to build a priority string gives detailed control
-into the resulting settings, however it creates non-portable applications.
-With new revisions of the TLS protocol new priority items are routinely added
-requiring such a string to be continuously updated with the library. As
-such, we advice against using that option for applications targetting multiple versions
+into the resulting settings, however with new revisions of the TLS protocol
+new priority items are routinely added, and such strings are not
+forward compatible with new protocols. As such, we
+advice against using that option for applications targetting multiple versions
 of the GnuTLS library, and recommend using the defaults (see above) or
 adjusting the defaults via @funcref{gnutls_set_default_priority_append}.