Manpage of 'gnutls_priority_init' on UHLU - BSD System Documentation,
Programming Reference, Manual Pages and Source Code
All manual pages         All RFC pages
Common page
for gnutls_priority_init		 Other pages
for gnutls_priority_init		 More pages
containing gnutls_priority_init

Section 3 manual page or howto for 'gnutls_priority_init'  

gnutls_priority_init(3) 	    gnutls	       gnutls_priority_init(3)



NAME
       gnutls_priority_init  - Sets priorities for the cipher suites supported
       by gnutls.

SYNOPSIS
       #include <gnutls/gnutls.h>

       int gnutls_priority_init(gnutls_priority_t * priority_cache, const char
       * priorities, const char ** err_pos);

ARGUMENTS
       gnutls_priority_t * priority_cache

		   is a gnutls_prioritity_t structure.

       const char * priorities

		   is a string describing priorities

       const char ** err_pos

		   In  case  of  an  error  this will have the position in the
		   string the error occured

DESCRIPTION
       Sets priorities for the ciphers, key exchange methods,  macs  and  com-
       pression  methods. This is to avoid using the gnutls_*_priority() func-
       tions.

       The priorities option allows you to specify a semi-colon separated list
       of the cipher priorities to enable.

       Unless  the  first keyword is "NONE" the defaults (in preference order)
       are for TLS protocols TLS1.1, TLS1.0, SSL3.0; for compression NULL; for
       certificate types X.509, OpenPGP.

       For key exchange algorithms when in NORMAL or SECURE levels the perfect
       forward secrecy algorithms take precendence of the other protocols.  In
       all cases all the supported key exchange algorithms are enabled (except
       for the RSA-EXPORT which is only enabled in EXPORT level).

       Note that although one can select very long  key  sizes	(such  as  256
       bits)  for symmetric algorithms, to actually increase security the pub-
       lic key algorithms have to use longer key sizes as well.

       For all the current available algorithms and protocols use  "gnutls-cli
       -l" to get a listing.

COMMON KEYWORDS
       Some  keywords  are  defined  to provide quick access to common prefer-
       ences.

       "PERFORMANCE" means all the "secure" ciphersuites are enabled,  limited
       to 128 bit ciphers and sorted by terms of speed performance.

       "NORMAL"  means	all  "secure"  ciphersuites.  The  256-bit ciphers are
       included as a fallback only.  The ciphers are sorted by	security  mar-
       gin.

       "SECURE128"  means  all	"secure"  ciphersuites	with ciphers up to 128
       bits, sorted by security margin.

       "SECURE256" means all  "secure"	ciphersuites  including  the  256  bit
       ciphers, sorted by security margin.

       "EXPORT" means all ciphersuites are enabled, including the low-security
       40 bit ciphers.

       "NONE" means nothing is enabled.  This disables even protocols and com-
       pression methods.

SPECIAL KEYWORDS
       "!" or "-" appended with an algorithm will remove this algorithm.

       "+" appended with an algorithm will add this algorithm.

       "%COMPAT" will enable compatibility features for a server.

       "%SSL3_RECORD_VERSION"  will use SSL3.0 record version in client hello.

       "%VERIFY_ALLOW_SIGN_RSA_MD5" will allow RSA-MD5 signatures in  certifi-
       cate chains.

       "%VERIFY_ALLOW_X509_V1_CA_CRT" will allow V1 CAs in chains.

NAMESPACE CONCERN
       To avoid collisions in order to specify a compression algorithm in this
       string you have to prefix  it  with  "COMP-",  protocol	versions  with
       "VERS-" and certificate types with "CTYPE-". All other algorithms don't
       need a prefix.

EXAMPLES
       "NORMAL:!AES-128-CBC" means normal ciphers except for AES-128.

       "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE"  means  that  export  ciphers   are
       enabled, TLS 1.0 is disabled, and libz compression enabled.

       "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL",	     "NORMAL",
       "%COMPAT".

RETURNS
       On syntax error GNUTLS_E_INVALID_REQUEST is returned,  GNUTLS_E_SUCCESS
       on success, or an error code.

REPORTING BUGS
       Report	 bugs	 to    <bug-gnutls@gnu.org>.	 GnuTLS   home	 page:
       http://www.gnu.org/software/gnutls/ General help  using	GNU  software:
       http://www.gnu.org/gethelp/


COPYRIGHT
       Copyright (C) 2008 Free Software Foundation.
       Copying	and  distribution  of this file, with or without modification,
       are permitted in any medium  without  royalty  provided	the  copyright
       notice and this notice are preserved.

SEE ALSO
       The  full  documentation  for gnutls is maintained as a Texinfo manual.
       If the info and gnutls programs are properly installed  at  your  site,
       the command

	      info gnutls

       should give you access to the complete manual.



gnutls				     2.8.3	       gnutls_priority_init(3)

NAME - SYNOPSIS - ARGUMENTS - DESCRIPTION - COMMON KEYWORDS - SPECIAL KEYWORDS - 
NAMESPACE CONCERN - EXAMPLES - RETURNS - REPORTING BUGS - COPYRIGHT - 
SEE ALSO -
All manual pages         All RFC pages
Common page
for gnutls_priority_init		 Other pages
for gnutls_priority_init		 More pages
containing gnutls_priority_init
A random manual page         All manual pages        All RFC pages