8.4 Overriding the parameter verification profile

When verifying a certificate or TLS session parameters, GnuTLS uses a set of profiles associated with the session to determine whether the parameters seen in the session are acceptable. This covers, for example, the RSA public key size seen on the wire and the Diffie-Hellman parameters for the session. These profiles are normally set using the %PROFILE priority string (see Priority Strings and Selecting cryptographic key sizes).

It is possible to set a minimum (low bar) profile that applications cannot override, using the following.

[overrides]

# do not allow applications to use the LOW or VERY-WEAK profiles.
min-verification-profile = legacy
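
A way to audit a configuration file for this floor, as an added example that is not part of the GnuTLS manual or code base. The function names, the sample configurations, the name matching rule and the "last value wins" handling of a repeated key are assumptions of this example; the profile order follows the key-size table referenced above.

```python
# Profiles from weakest to strongest (order of the GnuTLS key-size table).
# Assumption: names are compared case-insensitively, ignoring ' ', '-' and '_'.
PROFILE_ORDER = ["veryweak", "low", "legacy", "medium", "high", "ultra", "future"]


def _norm(name):
    return "".join(c for c in name.lower() if c.isalnum())


def read_min_profile(text):
    """Return min-verification-profile from [overrides], or None if absent."""
    section, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, val = line.partition("=")
        if sep and section == "overrides" and key.strip() == "min-verification-profile":
            value = val.strip()  # assumption: a later duplicate replaces an earlier one
    return value


def audit(text, required="legacy"):
    """Return (ok, message): is the configured floor at least `required`?"""
    found = read_min_profile(text)
    if found is None:
        return False, "no min-verification-profile in [overrides]: no floor is set"
    if _norm(found) not in PROFILE_ORDER:
        return False, f"unrecognised profile {found!r}"
    ok = PROFILE_ORDER.index(_norm(found)) >= PROFILE_ORDER.index(_norm(required))
    return ok, f"floor is {found!r}, required at least {required!r}"


# Constructed sample configurations (not taken from a real system).
# Keys such as insecure-hash may repeat in [overrides], which is why a small
# hand-written parser is used here instead of configparser (it rejects duplicates).
SAMPLE_OK = """[overrides]
insecure-hash = md5
insecure-hash = sha1
min-verification-profile = legacy
"""
SAMPLE_WRONG_SECTION = "[global]\nmin-verification-profile = medium\n"

if __name__ == "__main__":
    for name, cfg in [("ok", SAMPLE_OK), ("wrong-section", SAMPLE_WRONG_SECTION)]:
        print(name, audit(cfg))
```

The second sample shows the failure mode worth checking for: a key placed outside `[overrides]` is reported as no floor at all rather than as a pass.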