gnutls_priority_t * priority_cache
is a gnutls_prioritity_t type.
const char * priorities
is a string describing priorities (may be NULL)
const char ** err_pos
In case of an error this will have the position in the
string the error occurred
Sets priorities for the ciphers, key exchange methods, macs and
compression methods. The priority_cache should be deinitialized
The priorities option allows you to specify a colon separated list of
the cipher priorities to enable. Some keywords are defined to
provide quick access to common preferences.
Unless there is a special need, use the "NORMAL" keyword to apply a
reasonable security level, or "NORMAL:%COMPAT" for compatibility.
"PERFORMANCE" means all the "secure" ciphersuites are enabled,
limited to 128 bit ciphers and sorted by terms of speed performance.
"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is no
verification profile set, and the allowed DH primes are considered
"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
included as a fallback only. The ciphers are sorted by security
"PFS" means all "secure" ciphersuites that support perfect forward
secrecy. The 256-bit ciphers are included as a fallback only. The
ciphers are sorted by security margin.
"SECURE128" means all "secure" ciphersuites of security level 128-bit
"SECURE192" means all "secure" ciphersuites of security level 192-bit
"SUITEB128" means all the NSA SuiteB ciphersuites with security level
"SUITEB192" means all the NSA SuiteB ciphersuites with security level
"NONE" means nothing is enabled. This disables even protocols and
"@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.
The provided keyword(s) will be expanded from a configuration-time
provided file - default is: /etc/gnutls/default-priorities. Any
attributes that follow it, will be appended to the expanded string.
If multiple keywords are provided, separated by commas, then the
first keyword that exists in the configuration file will be used. At
least one of the keywords must exist, or this function will return an
error. Typical usage would be to specify an application specified
keyword first, followed by "SYSTEM" as a default fallback. e.g., "
LIBVIRT ,SYSTEM:!-VERS-SSL3.0" will first try to find a config file
entry matching "LIBVIRT", but if that does not exist will use the
entry for "SYSTEM". If "SYSTEM" does not exist either, an error will
be returned. In all cases, the SSL3.0 protocol will be disabled. The
system priority file entries should be formatted as "KEYWORD=VALUE",
Special keywords are "!", "-" and "+". "!" or "-" appended with an
algorithm will remove this algorithm. "+" appended with an algorithm
will add this algorithm.
Check the GnuTLS manual section "Priority strings" for detailed
"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.
"SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers
are enabled, SSL3.0 is disabled, and libz compression enabled.
Note that "NORMAL:%COMPAT" is the most compatible mode.
A NULL priorities string indicates the default priorities to be used
(this is available since GnuTLS 3.3.0).
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this manual
page, send it to email@example.com.. This page was obtained from the
tarball gnutls-3.5.9.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2017-04-25. If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
gnutls 3.5.9 gnutls_priority_init(3)