-rw-r--r-- | doc/cha-gtls-app.texi | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 16323816ae..5517dbce8b 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -876,12 +876,11 @@ are listed in @ref{The Alert Protocol}. @section Priority strings @cindex Priority strings -In order to specify cipher suite preferences on a TLS session -there are priority functions that accept a string -specifying the enabled for the handshake algorithms. -That string may contain a single initial keyword such as -in @ref{tab:prio-keywords} and may be followed by -additional algorithm or special keywords. +The GnuTLS priority string specifies the TLS session's handshake +algorithms and options in a compact, easy-to-use format. That string +may contain a single initial keyword such as in +@ref{tab:prio-keywords} and may be followed by additional algorithm or +special keywords. @showfuncB{gnutls_priority_set_direct,gnutls_priority_set} @@ -898,6 +897,8 @@ Means all the known to be secure ciphersuites. The ciphers are sorted by securit margin, although the 256-bit ciphers are included as a fallback only. The message authenticity security level is of 64 bits or more. +This priority string implicitly enables DHE and ECDHE. + @item PFS @tab Means all the known to be secure ciphersuites that support perfect forward secrecy. The ciphers are sorted by security @@ -992,6 +993,8 @@ PSK, DHE-PSK, ECDHE-RSA, ANON-ECDH, ANON-DH. The Catch all name is KX-ALL which will add all the algorithms from NORMAL priority. +Add @code{!DHE-RSA:!DHE-DSS} to the priority string to disable DHE. + @item MAC @tab MD5, SHA1, SHA256, AEAD (used with GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL. |
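Review bot: In the first hunk (@@ -876,12 +876,11 @@), the rewritten opening keeps the phrase "a single initial keyword such as in @ref{tab:prio-keywords}", which still reads awkwardly; "such as those listed in @ref{tab:prio-keywords}" would parse cleanly. "easy-to-use" is an evaluation rather than documentation and could be dropped. The new text also no longer says that the string is handed to the priority functions, so the @showfuncB line that follows now appears without introduction; a clause such as "accepted by the priority functions below" would restore that link.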
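Review bot: In the second hunk (@@ -898,6 +897,8 @@), the added sentence "This priority string implicitly enables DHE and ECDHE." sits inside one keyword's @tab cell, so "This priority string" is ambiguous between that keyword and the whole string an application passes; "This keyword" would be clearer. The PFS entry directly below in the context gets no equivalent remark, which leaves the reader guessing whether the statement applies there too. The sentence also gives no pointer to how to opt out; a reference to the key exchange entry, where the third hunk documents the disabling string, would help.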
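Review bot: In the third hunk (@@ -992,6 +993,8 @@), "to disable DHE" claims more than @code{!DHE-RSA:!DHE-DSS} names: the key exchange list in the same cell also contains DHE-PSK and ANON-DH, which that string does not mention. Suggest wording it as disabling the DHE-RSA and DHE-DSS key exchanges, or extending the example if every Diffie-Hellman key exchange is meant. The second hunk states that both DHE and ECDHE are implicitly enabled, yet only DHE gets a disabling hint here; either add the ECDHE counterpart or say why it is omitted.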