It is possible to specify custom cipher priority strings, in addition to the default priority strings (NORMAL, PERFORMANCE, etc.). These can be used either by individual applications, or even as the default option if the library is compiled with the configuration option --with-default-priority-string. In the latter case the defined priority string will be used for applications using gnutls_set_default_priority or gnutls_set_default_priority_append.
The priority strings can be specified in the global section of the configuration file, or in the section named [priorities].
The format is 'KEYWORD = VALUE', e.g., 'EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128'. When used they may be followed by additional options that will be appended to the system string (e.g., '@EXAMPLE-PRIORITY:+SRP').
Since version 3.5.1 applications are allowed to specify fallback keywords such as
@KEYWORD1,@KEYWORD2, and the first valid keyword will be used.
The following example configuration defines a priority string called @SYSTEM. When set, its full settings can be queried using gnutls-cli --priority @SYSTEM --list.

    [priorities]
    SYSTEM = NORMAL:-AES-128-CBC:-AES-256-CBC
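
The lookup rules described above (definitions in the global section or in [priorities], fallback keywords, appended options) can be modelled as follows. This is an added example, not GnuTLS source code; the function names parse_priorities and resolve are hypothetical, and the sample configuration is constructed from the values shown on this page.

```python
# Added illustration: a model of the lookup rules described on this page,
# not GnuTLS source code. All function names are hypothetical.

def parse_priorities(text):
    """Collect KEYWORD = VALUE pairs from the global section and [priorities]."""
    table, section = {}, None          # section None means the global section
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        # Only the global section and [priorities] define priority strings.
        if section in (None, "priorities") and "=" in line:
            key, value = line.split("=", 1)
            table[key.strip()] = value.strip()
    return table


def resolve(priority, table):
    """Expand '@KEY1,@KEY2:extra' to the first defined keyword plus ':extra'."""
    if not priority.startswith("@"):
        return priority                # ordinary string such as NORMAL
    names, sep, extra = priority.partition(":")
    for name in names.split(","):
        value = table.get(name.strip().lstrip("@"))
        if value is not None:          # first valid keyword wins
            return value + sep + extra # options are appended to the system string
    raise KeyError("no keyword in %r is defined" % names)


# Constructed sample configuration reusing the two definitions from this page.
SAMPLE = """\
EXAMPLE-PRIORITY = NORMAL:+ARCFOUR-128

[priorities]
SYSTEM = NORMAL:-AES-128-CBC:-AES-256-CBC
"""

if __name__ == "__main__":
    table = parse_priorities(SAMPLE)
    for query in ("@SYSTEM", "@EXAMPLE-PRIORITY:+SRP", "@MISSING,@SYSTEM:+SRP"):
        print(query, "->", resolve(query, table))
```

Expanding a keyword this way before deployment shows exactly which algorithms an application's appended options re-enable on top of the system string.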