libgnutls: Add system-wide default-priority-string override.

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
author: Dimitri John Ledkov <xnox@ubuntu.com> 2020-01-07 11:32:37 +0000
committer: Dimitri John Ledkov <xnox@ubuntu.com> 2020-01-13 18:55:25 +0000
commit: 454eb184f0c2255a9d33fbdd096906b8e18ef582 (patch)
tree: 06183862ec93e55aad6951ef2cf4eaf6dc71e57a /doc
parent: 2e52d307be9f971c721a94a908f487df5e8e483b (diff)
download: gnutls-454eb184f0c2255a9d33fbdd096906b8e18ef582.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/cha-config.texi b/doc/cha-config.texi
index 3cc568a607..f094407900 100644
--- a/doc/cha-config.texi
+++ b/doc/cha-config.texi
@@ -25,6 +25,7 @@ used can be queried using @funcref{gnutls_get_system_config_file}.
 * Disabling algorithms and protocols::
 * Querying for disabled algorithms and protocols::
 * Overriding the parameter verification profile::
+* Overriding the default priority string::
 @end menu
 
 @node Application-specific priority strings
@@ -156,3 +157,18 @@ using the following.
 min-verification-profile = legacy
 
 @end example
+
+@node Overriding the default priority string
+@section Overriding the default priority string
+
+GnuTLS uses default priority string which is defined at compiled
+time. Usually it is set to @code{NORMAL}. This override allows to set
+the default priority string to something more appropriate for a given
+deployment.
+
+Below example sets a more specific default priority string.
+@example
+[overrides]
+default-priority-string = SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3
+
+@end example
author	Dimitri John Ledkov <xnox@ubuntu.com>	2020-01-07 11:32:37 +0000
committer	Dimitri John Ledkov <xnox@ubuntu.com>	2020-01-13 18:55:25 +0000
commit	454eb184f0c2255a9d33fbdd096906b8e18ef582 (patch)
tree	06183862ec93e55aad6951ef2cf4eaf6dc71e57a /doc
parent	2e52d307be9f971c721a94a908f487df5e8e483b (diff)
download	gnutls-454eb184f0c2255a9d33fbdd096906b8e18ef582.tar.gz