[gnutls-devel] GnuTLS | priority: support allowlisting in configuration file (!1427)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Nov 27 08:00:22 CET 2021
Daiki Ueno commented on a discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/1427#note_745412379
> to be disabled or enabled.
>
> The valid values for the options above can be found in the 'Protocols', 'Digests'
> -'PK-signatures', 'Protocols', 'Ciphrers', and 'MACs' fields of the output of @code{gnutls-cli --list}.
> +'PK-signatures', 'Protocols', 'Ciphers', and 'MACs' fields of the output of @code{gnutls-cli --list}.
>
> Sometimes the system administrator wants to enable only specific
> algorithms, despite the library defaults. GnuTLS provides an
> alternative mode of overriding: allowlisting.
>
> +As shown below in the examples, it is hard to use this mode correctly,
> +as it requires understanding of how algorithms are used underneath by
> +the protocols. Therefore, it is highly recommended that the
> +configuration file is generated by support tool distributed by the
> +operating systems, such as
> + at uref{https://gitlab.com/redhat-crypto/fedora-crypto-policies/,crypto-policies}.
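Review bot: In the corrected 'Ciphers' line, the list of `gnutls-cli --list` fields still names 'Protocols' twice (once on the unchanged line above and again after 'PK-signatures'), and there is no comma between 'Digests' and 'PK-signatures'. Since this sentence is already being touched for the 'Ciphrers' typo, drop the second 'Protocols' and add the missing comma. In the added paragraph, "generated by support tool distributed by the operating systems" is missing an article; "generated by a support tool distributed by the operating system" reads correctly.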
Thanks for the suggestion; incorporated.