diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-20 15:17:04 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-08-22 13:44:14 +0000 |
commit | d1d8146f574cdd1a98484861256a32c57cd7a0c8 (patch) | |
tree | 6de9349b124f6e26156055b819987e0f47a49f98 /doc/cha-gtls-app.texi | |
parent | eedcaa695277653230ede9adb703dac97cdea7e1 (diff) | |
download | gnutls-tmp-be-backwards-compatible-with-prio.tar.gz |
priority: be backwards compatible with priority strings starting with NONEtmp-be-backwards-compatible-with-prio
That is, we allow priority strings which do not enable any groups to
work, by disabling TLS1.3. For example
'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
is still operational, but no TLS1.3 is enabled when specified.
Resolves: #549
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 9a4cf29933..c7a87a5a22 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1185,10 +1185,10 @@ verification profile. Means nothing is enabled. This disables even protocol versions. It should be followed by the algorithms to be enabled. Note that using this option to build a priority string gives detailed control -into the resulting settings, however it creates non-portable applications. -With new revisions of the TLS protocol new priority items are routinely added -requiring such a string to be continuously updated with the library. As -such, we advice against using that option for applications targetting multiple versions +into the resulting settings, however with new revisions of the TLS protocol +new priority items are routinely added, and such strings are not +forward compatible with new protocols. As such, we +advice against using that option for applications targetting multiple versions of the GnuTLS library, and recommend using the defaults (see above) or adjusting the defaults via @funcref{gnutls_set_default_priority_append}. |