From 454eb184f0c2255a9d33fbdd096906b8e18ef582 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Tue, 7 Jan 2020 11:32:37 +0000
Subject: libgnutls: Add system-wide default-priority-string override.

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
---
 doc/cha-config.texi | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'doc')

diff --git a/doc/cha-config.texi b/doc/cha-config.texi
index 3cc568a607..f094407900 100644
--- a/doc/cha-config.texi
+++ b/doc/cha-config.texi
@@ -25,6 +25,7 @@ used can be queried using @funcref{gnutls_get_system_config_file}.
 * Disabling algorithms and protocols::
 * Querying for disabled algorithms and protocols::
 * Overriding the parameter verification profile::
+* Overriding the default priority string::
 @end menu
 
 @node Application-specific priority strings
@@ -156,3 +157,18 @@ using the following.
 min-verification-profile = legacy
 
 @end example
+
+@node Overriding the default priority string
+@section Overriding the default priority string
+
+GnuTLS uses default priority string which is defined at compiled
+time. Usually it is set to @code{NORMAL}. This override allows to set
+the default priority string to something more appropriate for a given
+deployment.
+
+Below example sets a more specific default priority string.
+@example
+[overrides]
+default-priority-string = SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3
+
+@end example
-- 
cgit v1.2.1