Provided by: gnutls-doc_3.8.1-4ubuntu1.3_all bug

NAME

       gnutls_priority_init2 - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int  gnutls_priority_init2(gnutls_priority_t  *  priority_cache,  const char * priorities,
       const char ** err_pos, unsigned flags);

ARGUMENTS

       gnutls_priority_t * priority_cache
                   is a gnutls_priority_t type.

       const char * priorities
                   is a string describing priorities (may be NULL)

       const char ** err_pos
                   In case of an error this will have  the  position  in  the  string  the  error
                   occurred

       unsigned flags
                   zero or GNUTLS_PRIORITY_INIT_DEF_APPEND

DESCRIPTION

       Sets  priorities  for  the  ciphers,  key exchange methods, and macs.  The  priority_cache
       should be deinitialized using gnutls_priority_deinit().

       The priorities option allows  you  to  specify  a  colon  separated  list  of  the  cipher
       priorities  to  enable.   Some  keywords  are  defined  to  provide quick access to common
       preferences.

       When  flags is set to GNUTLS_PRIORITY_INIT_DEF_APPEND then the  priorities specified  will
       be appended to the default options.

       Unless  there  is  a special need, use the "NORMAL" keyword to apply a reasonable security
       level, or "NORMAL:%COMPAT" for compatibility.

       "PERFORMANCE" means all the "secure" ciphersuites are enabled, limited to 128 bit  ciphers
       and sorted by terms of speed performance.

       "LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is no verification profile
       set, and the allowed DH primes are considered weak today.

       "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are included as  a  fallback
       only.  The ciphers are sorted by security margin.

       "PFS"  means  all "secure" ciphersuites that support perfect forward secrecy.  The 256-bit
       ciphers are included as a fallback only.  The ciphers are sorted by security margin.

       "SECURE128" means all "secure" ciphersuites of security level 128-bit or more.

       "SECURE192" means all "secure" ciphersuites of security level 192-bit or more.

       "SUITEB128" means all the NSA SuiteB ciphersuites with security level of 128.

       "SUITEB192" means all the NSA SuiteB ciphersuites with security level of 192.

       "NONE" means nothing is enabled.  This disables everything, including protocols.

       "@KEYWORD1,KEYWORD2,..."  The  system  administrator  imposed  settings.    The   provided
       keyword(s)  will  be  expanded  from  a  configuration-time  provided  file  - default is:
       /etc/gnutls/config.  Any attributes that follow it,  will  be  appended  to  the  expanded
       string.  If  multiple  keywords  are provided, separated by commas, then the first keyword
       that exists in the configuration file will be used. At least  one  of  the  keywords  must
       exist,  or  this  function  will  return  an  error.  Typical usage would be to specify an
       application specified keyword first, followed by "SYSTEM" as a default fallback.  e.g.,  "
       LIBVIRT  ,SYSTEM:!-VERS-SSL3.0"  will  first  try  to  find  a  config file entry matching
       "LIBVIRT", but if that does not exist will use the entry for "SYSTEM".  If  "SYSTEM"  does
       not  exist  either,  an  error will be returned. In all cases, the SSL3.0 protocol will be
       disabled. The system priority file entries should be formatted as  "KEYWORD=VALUE",  e.g.,
       "SYSTEM=NORMAL:+ARCFOUR-128".

       Special  keywords are "!", "-" and "+".  "!" or "-" appended with an algorithm will remove
       this algorithm.  "+" appended with an algorithm will add this algorithm.

       Check the GnuTLS manual section "Priority strings" for detailed information.

EXAMPLES

       "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"

       "NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.

       "SECURE128:-VERS-SSL3.0" means that  only  secure  ciphers  are  and  enabled,  SSL3.0  is
       disabled.

       "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",

       "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",

       "SECURE256:+SECURE128",

       Note that "NORMAL:%COMPAT" is the most compatible mode.

       A NULL  priorities string indicates the default priorities to be used (this  is  available
       since GnuTLS 3.3.0).

RETURNS

       On  syntax  error GNUTLS_E_INVALID_REQUEST is returned, GNUTLS_E_SUCCESS on success, or an
       error code.

SINCE

       3.6.3

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The   full   documentation  for  gnutls  is  maintained  as  a  Texinfo  manual.   If  the
       /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       https://www.gnutls.org/manual/