lib/tls: Add new 'tls priority' option

This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 18 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/tlspriority.xml b/docs-xml/smbdotconf/security/tlspriority.xml
new file mode 100644
index 00000000000..345f0302764
--- /dev/null
+++ b/docs-xml/smbdotconf/security/tlspriority.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="tls priority"
+                 type="string"
+                 context="G"
+                 constant="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+   <para>This option can be set to a string describing the TLS protocols
+   to be supported in the parts of Samba that use GnuTLS, specifically
+   the AD DC.
+   </para>
+   <para>The valid options are described in the
+   <ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS
+   Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink>
+   </para>
+ </description>
+
+ <value type="default">NORMAL</value>
+</samba:parameter>