author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-02-12 19:49:46 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-02-12 19:49:46 +0100 |
commit | 11a50356e422b62a2b3e61d4b4934cc7f397f24f (patch) | |
tree | 47398587d69e34028b0287ab6ae22dbef6a1110a /doc | |
parent | e4917e4062198b8fea338a7ce9c18a666a4f7e78 (diff) | |
download | gnutls-11a50356e422b62a2b3e61d4b4934cc7f397f24f.tar.gz |
Applied part of Ted Zlatanov's patch.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 95f2d293ec..8efa533416 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -879,12 +879,11 @@ are listed in @ref{The Alert Protocol}. @section Priority strings @cindex Priority strings -In order to specify cipher suite preferences on a TLS session -there are priority functions that accept a string -specifying the enabled for the handshake algorithms. -That string may contain a single initial keyword such as -in @ref{tab:prio-keywords} and may be followed by -additional algorithm or special keywords. +The GnuTLS priority string specifies the TLS session's handshake +algorithms and options in a compact, easy-to-use format. That string +may contain a single initial keyword such as in +@ref{tab:prio-keywords} and may be followed by additional algorithm or +special keywords. @showfuncB{gnutls_priority_set_direct,gnutls_priority_set} @@ -911,6 +910,8 @@ margin, although the 256-bit ciphers are included as a fallback only. The message authenticity security level is of 64 bits or more, and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). +This priority string implicitly enables DHE and ECDHE. + @item PFS @tab Means all the known to be secure ciphersuites that support perfect forward secrecy. The ciphers are sorted by security @@ -1010,6 +1011,8 @@ PSK, DHE-PSK, ECDHE-RSA, ANON-ECDH, ANON-DH. The Catch all name is KX-ALL which will add all the algorithms from NORMAL priority. +Add @code{!DHE-RSA:!DHE-DSS} to the priority string to disable DHE. + @item MAC @tab MD5, SHA1, SHA256, AEAD (used with GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL. |
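Review bot: in the first hunk (-879), the rewritten paragraph drops the sentence that tied the string to the priority functions, so the @showfuncB{gnutls_priority_set_direct,gnutls_priority_set} line that follows it now appears with no introduction. Consider keeping a clause saying that the string is passed to the priority functions listed below. In the same paragraph, "such as in @ref{tab:prio-keywords}" reads awkwardly ("such as those in" would be clearer), and "easy-to-use" is a judgement the manual can do without.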
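Review bot: in the second hunk (-911), the added sentence "This priority string implicitly enables DHE and ECDHE." sits inside an entry of the keyword table, so "This priority string" is ambiguous: the entry describes a single keyword, while the section's opening paragraph uses "priority string" for the whole string. Suggest wording it as "This keyword implicitly enables ..." and adding a pointer to the key exchange row, which is where this patch documents how to disable DHE.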
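Review bot: in the third hunk (-1010), "to disable DHE" overstates what @code{!DHE-RSA:!DHE-DSS} does, because the context line just above lists DHE-PSK among the key exchange methods and that string leaves it enabled. Either narrow the sentence to say it disables DHE with RSA and DSS authentication, or extend the example to cover DHE-PSK as well. The sentence added in the previous hunk also says ECDHE is enabled implicitly, and no matching way to disable ECDHE is given here.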