docs-xml/smbdotconf/security/tlspriority.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

<samba:parameter name="tls priority"
                 type="string"
                 context="G"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
   <para>This option can be set to a string describing the TLS protocols
   to be supported in the parts of Samba that use GnuTLS, specifically
   the AD DC.
   </para>
   <para>The default turns off SSLv3, as this protocol is no longer considered
   secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use
   in HTTPS applications.
   </para>
   <para>The valid options are described in the
   <ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS
   Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink>
   </para>
 </description>

 <value type="default">NORMAL:-VERS-SSL3.0</value>
</samba:parameter>