author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-24 20:57:45 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-24 21:32:30 +0200 |
commit | 7f97d06161f257b0bb8b1106d1b64cbb58d29a3c (patch) | |
tree | 25486bb5f13bb752695871c2261e05ddf2805fb5 /doc/cha-intro-tls.texi | |
parent | 7b74c80ed124af1de0d2d52f3c3b80d36b3a97bc (diff) | |
download | gnutls-7f97d06161f257b0bb8b1106d1b64cbb58d29a3c.tar.gz |
documentation changes.
Diffstat (limited to 'doc/cha-intro-tls.texi')
-rw-r--r-- | doc/cha-intro-tls.texi | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index f71b305202..ab117ba508 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -584,14 +584,10 @@ Changing this default behavior would prevent interoperability against the majority of deployed servers out there. We will reconsider this default behavior in the future when more servers have been upgraded. Note that it is easy to configure clients to always require the safe -renegotiation extension from servers (see below on the -@code{%SAFE_RENEGOTIATION} priority string). +renegotiation extension from servers. To modify the default behavior, we have introduced some new priority -strings. The priority strings can be used by applications -(@funcref{gnutls_priority_set}) and end users (e.g., @code{--priority} -parameter to @code{gnutls-cli} and @code{gnutls-serv}). - +strings (see @ref{Priority Strings}). The @code{%UNSAFE_RENEGOTIATION} priority string permits (re-)handshakes even when the safe renegotiation extension was not negotiated. The default behavior is @code{%PARTIAL_RENEGOTIATION} that will @@ -629,7 +625,7 @@ can be used both by clients and servers. @section Selecting cryptographic key sizes @cindex Key sizes -In TLS, since a lot of algorithms are involved, it is not easy to set +Because many algorithms are involved in TLS, it is not easy to set a consistent security level. For this reason in @ref{tab:key-sizes} we present some correspondence between key sizes of symmetric algorithms and public key algorithms based on @xcite{ECRYPT}. 
@@ -685,7 +681,7 @@ parameter with actual bit sizes of parameters for DH, RSA, SRP and ECC algorithm A mapping to @code{gnutls_sec_param_t} value is given for each security parameter, on the next column, and finally a brief description of the level. -Note however that the values suggested here are nothing more than an +Note, however, that the values suggested here are nothing more than an educated guess that is valid today. There are no guarantees that an algorithm will remain unbreakable or that these values will remain constant in time. There could be scientific breakthroughs that cannot |
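Review bot: In the first hunk (@@ -584,14 +584,10), removing "(see below on the @code{%SAFE_RENEGOTIATION} priority string)" leaves the claim that "it is easy to configure clients to always require the safe renegotiation extension from servers" without naming the setting that does it. This is the one hardening step the paragraph recommends, so I would keep the string name inline, for example "renegotiation extension from servers using the @code{%SAFE_RENEGOTIATION} priority string", unless the text right after this hunk already introduces it. The same hunk drops the sentence saying priority strings are applied through @funcref{gnutls_priority_set} and the @code{--priority} parameter of @code{gnutls-cli} and @code{gnutls-serv}; please confirm the @ref{Priority Strings} node covers both entry points before removing it here. Two smaller points: the deleted blank line merges the "To modify the default behavior" paragraph with the @code{%UNSAFE_RENEGOTIATION} paragraph, which may not be intended, and the parenthetical "(see @ref{Priority Strings})" is the case @pxref is meant for. The commit message "documentation changes." could also mention that cross-references were consolidated.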