author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-27 11:13:42 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-27 11:13:42 +0100 |
commit | 9217399323f44b7a0502a21e8d415dcd2adf7c16 (patch) | |
tree | 7993d3b7463e58dcec71a75d04bfedda070e1c59 /doc | |
parent | ded4b70aac7ba1a9910d4dd9f57f875c0baa5722 (diff) | |
download | gnutls-9217399323f44b7a0502a21e8d415dcd2adf7c16.tar.gz |
The %COMPAT keyword no longer reduces security.
Introduced the LEGACY keyword which will enable the settings
used in GnuTLS 3.2.x for NORMAL keyword. That is to be used in
cases where compatibility with weak or misconfigured servers is
required.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 8c4142dce8..c76539e4c5 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -912,6 +912,13 @@ and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). This priority string implicitly enables DHE and ECDHE. +@item LEGACY @tab +This sets the NORMAL settings that were used for GnuTLS 3.2.x or earlier. There is +no verification profile set, and the allowed DH primes are considered +weak today (but are often used by misconfigured servers). + +This priority string implicitly enables DHE and ECDHE. + @item PFS @tab Means all the known to be secure ciphersuites that support perfect forward secrecy. The ciphers are sorted by security |
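Review bot: The new `@item LEGACY` entry calls the allowed DH primes "considered weak today" without giving the minimum accepted size, while the entry directly above it states its level concretely (GNUTLS_PROFILE_LOW, 80-bits). Please state the minimum prime size in bits, and spell out what "no verification profile set" means for certificate verification, so a reader can judge what they give up by selecting LEGACY. The commit message says the keyword is meant for cases where compatibility with weak or misconfigured servers is required; that guidance belongs in this entry as well. The commit message also says %COMPAT no longer reduces security, yet the diffstat for doc/ shows 7 insertions and 0 deletions, so any existing description of %COMPAT in this file is unchanged and should be checked against the new behaviour.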