gnutls_priority_init2(3) — Linux manual page


gnutls_priority_init2(3)         gnutls         gnutls_priority_init2(3)

NAME         top

       gnutls_priority_init2 - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       int gnutls_priority_init2(gnutls_priority_t * priority_cache,
       const char * priorities, const char ** err_pos, unsigned flags);

ARGUMENTS         top

       gnutls_priority_t * priority_cache
                   is a gnutls_priority_t type.

       const char * priorities
                   is a string describing priorities (may be NULL)

       const char ** err_pos
                   In case of an error this will have the position in
                   the string the error occurred

       unsigned flags
                   zero or GNUTLS_PRIORITY_INIT_DEF_APPEND

DESCRIPTION         top

       Sets priorities for the ciphers, key exchange methods, and macs.
       The  priority_cache should be deinitialized using

       The priorities option allows you to specify a colon separated
       list of the cipher priorities to enable.  Some keywords are
       defined to provide quick access to common preferences.

       When  flags is set to GNUTLS_PRIORITY_INIT_DEF_APPEND then the
       priorities specified will be appended to the default options.

       Unless there is a special need, use the "NORMAL" keyword to apply
       a reasonable security level, or "NORMAL:%COMPAT" for

       "PERFORMANCE" means all the "secure" ciphersuites are enabled,
       limited to 128 bit ciphers and sorted by terms of speed

       "LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There
       is no verification profile set, and the allowed DH primes are
       considered weak today.

       "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
       included as a fallback only.  The ciphers are sorted by security

       "PFS" means all "secure" ciphersuites that support perfect
       forward secrecy.  The 256-bit ciphers are included as a fallback
       only.  The ciphers are sorted by security margin.

       "SECURE128" means all "secure" ciphersuites of security level
       128-bit or more.

       "SECURE192" means all "secure" ciphersuites of security level
       192-bit or more.

       "SUITEB128" means all the NSA SuiteB ciphersuites with security
       level of 128.

       "SUITEB192" means all the NSA SuiteB ciphersuites with security
       level of 192.

       "NONE" means nothing is enabled.  This disables everything,
       including protocols.

       "@KEYWORD1,KEYWORD2,..." The system administrator imposed
       settings.  The provided keyword(s) will be expanded from a
       configuration-time provided file - default is:
       /etc/gnutls/config.  Any attributes that follow it, will be
       appended to the expanded string. If multiple keywords are
       provided, separated by commas, then the first keyword that exists
       in the configuration file will be used. At least one of the
       keywords must exist, or this function will return an error.
       Typical usage would be to specify an application specified
       keyword first, followed by "SYSTEM" as a default fallback. e.g.,
       " LIBVIRT ,SYSTEM:!-VERS-SSL3.0" will first try to find a config
       file entry matching "LIBVIRT", but if that does not exist will
       use the entry for "SYSTEM". If "SYSTEM" does not exist either, an
       error will be returned. In all cases, the SSL3.0 protocol will be
       disabled. The system priority file entries should be formatted as

       Special keywords are "!", "-" and "+".  "!" or "-" appended with
       an algorithm will remove this algorithm.  "+" appended with an
       algorithm will add this algorithm.

       Check the GnuTLS manual section "Priority strings" for detailed

EXAMPLES         top


       "NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.

       "SECURE128:-VERS-SSL3.0" means that only secure ciphers are and
       enabled, SSL3.0 is disabled.




       Note that "NORMAL:%COMPAT" is the most compatible mode.

       A NULL  priorities string indicates the default priorities to be
       used (this is available since GnuTLS 3.3.0).

RETURNS         top

       On syntax error GNUTLS_E_INVALID_REQUEST is returned,
       GNUTLS_E_SUCCESS on success, or an error code.

SINCE         top


REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit 

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.7.2.tar.xz fetched from
       ⟨⟩ on 2021-08-27.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                            3.7.2         gnutls_priority_init2(3)