[gnutls-dev] Work in progress: GnuTLS 2.2 release notes on API changes
Martin Lambers
marlam at marlam.de
Thu Nov 15 20:14:52 CET 2007
On Thu, 15. Nov 2007, 11:03:17 +0100, Simon Josefsson wrote:
> Further, I believe we could improve the gnutls_set_default_priority2()
> API. Right now it is difficult to use from applications. Each
> application would need to have a configuration file token (e.g.,
> 'gnutls-priority: EXPORT') or command line parameter (e.g.,
> --gnutls-priority PERFORMANCE) that map to the GnuTLS enum types. A
> serious problem is that there would be no consistency between GnuTLS
> applications on what the enum names should be and their meaning.
>
> I think it would be better if we had a function like:
>
> int gnutls_set_priority (gnutls_session_t session,
> const char *priority);
>
> It would take strings that can be set by users in application
> configuration files or command line parameters. GnuTLS could define a
> couple of strings:
>
> DEFAULT
> EXPORT
> PERFORMANCE
> SECURITY
>
> etc. Eventually we could even support something like OpenSSL's priority
> strings, which allow things similar to 'DEFAULT:-AES' to use the
> defaults, but remove all AES ciphers.
I think this is an excellent idea. Applications could give users the
possibility to tweak the priorities in a simple _and consistent_ way.
This would elegantly solve a current problem with msmtp and mpop;
see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440344 .
Martin
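
The string form proposed in the quoted message, sketched as an added example (not GnuTLS code and not written by either poster): a hypothetical `resolve_priority()` expands one keyword and applies `DEFAULT:-AES`-style removals, rejecting unknown keywords, modifiers that match nothing, and results that would leave no cipher. The keyword names come from the mail; the cipher lists and all helper names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CIPHERS 8
/* Constructed table: keyword names are from the mail, cipher lists are illustrative. */
struct keyword { const char *name; const char *ciphers[MAX_CIPHERS]; };
static const struct keyword keywords[] = {
    { "DEFAULT",     { "AES-256-CBC", "AES-128-CBC", "3DES-CBC", "ARCFOUR-128" } },
    { "PERFORMANCE", { "ARCFOUR-128", "AES-128-CBC", "3DES-CBC" } },
    { "SECURITY",    { "AES-256-CBC", "AES-128-CBC", "3DES-CBC" } },
    { "EXPORT",      { "AES-128-CBC", "3DES-CBC", "ARCFOUR-128", "ARCFOUR-40" } },
};

/* Resolve e.g. "DEFAULT:-AES" into out[]; returns the number of ciphers
   selected, or -1 if the string is rejected (hypothetical helper). */
int resolve_priority(const char *priority, const char *out[MAX_CIPHERS])
{
    char buf[128];
    int n = 0;
    if (priority == NULL || strlen(priority) >= sizeof buf)
        return -1;                          /* NULL or oversized input */
    strcpy(buf, priority);
    char *tok = strtok(buf, ":");
    const struct keyword *kw = NULL;
    for (size_t i = 0; tok && i < sizeof keywords / sizeof keywords[0]; i++)
        if (strcmp(tok, keywords[i].name) == 0)
            kw = &keywords[i];
    if (kw == NULL)
        return -1;                          /* unknown keyword: fail closed */
    for (; n < MAX_CIPHERS && kw->ciphers[n]; n++)
        out[n] = kw->ciphers[n];
    while ((tok = strtok(NULL, ":")) != NULL) {
        int kept = 0;
        if (tok[0] != '-' || tok[1] == '\0')
            return -1;                      /* only "-PREFIX" is handled */
        for (int i = 0; i < n; i++)
            if (strncmp(out[i], tok + 1, strlen(tok + 1)) != 0)
                out[kept++] = out[i];
        if (kept == n)
            return -1;                      /* matched nothing: likely a typo */
        n = kept;
    }
    return n > 0 ? n : -1;                  /* never an empty cipher set */
}

int main(void)
{
    const char *c[MAX_CIPHERS];
    int n = resolve_priority("DEFAULT:-AES", c);
    for (int i = 0; i < n; i++)
        puts(c[i]);
    return n < 0;
}
```

Rejecting a modifier that removes nothing matters here: a silently ignored typo such as `-AEZ` would leave the user running ciphers they believe they disabled.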