gnutls_priority_init2 - API function
int gnutls_priority_init2(gnutls_priority_t * priority_cache,
const char * priorities, const char ** err_pos,
- gnutls_priority_t * priority_cache
- is a gnutls_prioritity_t type.
- const char * priorities
- is a string describing priorities (may be NULL)
- const char ** err_pos
- In case of an error this will have the position in the string the error
- unsigned flags
- zero or GNUTLS_PRIORITY_INIT_DEF_APPEND
Sets priorities for the ciphers, key exchange methods, and macs. The
should be deinitialized using
option allows you to specify a colon separated list of the
cipher priorities to enable. Some keywords are defined to provide quick access
to common preferences.
is set to GNUTLS_PRIORITY_INIT_DEF_APPEND
specified will be appended to the default options.
Unless there is a special need, use the "NORMAL" keyword to apply a
reasonable security level, or "NORMAL:%COMPAT" for compatibility.
"PERFORMANCE" means all the "secure" ciphersuites are
enabled, limited to 128 bit ciphers and sorted by terms of speed performance.
"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is no
verification profile set, and the allowed DH primes are considered weak today.
"NORMAL" means all "secure" ciphersuites. The 256-bit
ciphers are included as a fallback only. The ciphers are sorted by security
"PFS" means all "secure" ciphersuites that support perfect
forward secrecy. The 256-bit ciphers are included as a fallback only. The
ciphers are sorted by security margin.
"SECURE128" means all "secure" ciphersuites of security
level 128-bit or more.
"SECURE192" means all "secure" ciphersuites of security
level 192-bit or more.
"SUITEB128" means all the NSA SuiteB ciphersuites with security level
"SUITEB192" means all the NSA SuiteB ciphersuites with security level
"NONE" means nothing is enabled. This disables everything, including
"@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.
The provided keyword(s) will be expanded from a configuration-time provided
file - default is: /etc/gnutls/default-priorities. Any attributes that follow
it, will be appended to the expanded string. If multiple keywords are
provided, separated by commas, then the first keyword that exists in the
configuration file will be used. At least one of the keywords must exist, or
this function will return an error. Typical usage would be to specify an
application specified keyword first, followed by "SYSTEM" as a
default fallback. e.g., " LIBVIRT
first try to find a config file entry matching "LIBVIRT", but if
that does not exist will use the entry for "SYSTEM". If
"SYSTEM" does not exist either, an error will be returned. In all
cases, the SSL3.0 protocol will be disabled. The system priority file entries
should be formatted as "KEYWORD=VALUE", e.g.,
Special keywords are "!", "-" and "+".
"!" or "-" appended with an algorithm will remove this
algorithm. "+" appended with an algorithm will add this algorithm.
Check the GnuTLS manual section "Priority strings" for detailed
"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.
"SECURE128:-VERS-SSL3.0" means that only secure ciphers are and
enabled, SSL3.0 is disabled.
Note that "NORMAL:%COMPAT" is the most compatible mode.
A NULL priorities
string indicates the default priorities to be
used (this is available since GnuTLS 3.3.0).
On syntax error GNUTLS_E_INVALID_REQUEST
on success, or an error code.
Report bugs to <email@example.com>.
Home page: https://www.gnutls.org
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
The full documentation for gnutls
is maintained as a Texinfo manual. If
the /usr/share/doc/gnutls/ directory does not contain the HTML form visit