[gnutls-devel] GnuTLS | priority: support allowlisting in configuration file (!1427)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Nov 27 08:00:22 CET 2021




Daiki Ueno commented on a discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/1427#note_745412379

>  to be disabled or enabled.
>  
>  The valid values for the options above can be found in the 'Protocols', 'Digests'
> -'PK-signatures', 'Protocols', 'Ciphrers', and 'MACs' fields of the output of @code{gnutls-cli --list}.
> +'PK-signatures', 'Protocols', 'Ciphers', and 'MACs' fields of the output of @code{gnutls-cli --list}.
>  
>  Sometimes the system administrator wants to enable only specific
>  algorithms, despite the library defaults. GnuTLS provides an
>  alternative mode of overriding: allowlisting.
>  
> +As shown below in the examples, it is hard to use this mode correctly,
> +as it requires understanding of how algorithms are used underneath by
> +the protocols.  Therefore, it is highly recommended that the
> +configuration file is generated by support tool distributed by the
> +operating systems, such as
> + at uref{https://gitlab.com/redhat-crypto/fedora-crypto-policies/,crypto-policies}.
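
Review bot: In the added paragraph, "generated by support tool distributed by the operating systems" is missing an article and the plural reads oddly; suggest "generated by a support tool distributed by the operating system". In the sentence above it, the typo fix still leaves 'Protocols' listed twice and no comma between 'Digests' and 'PK-signatures'; dropping the second 'Protocols' and adding the comma would make the field list unambiguous. The last added line reads " at uref{...}" as shown here, so confirm the source uses `@uref{...}`, otherwise the crypto-policies link will not render.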

Thanks for the suggestion; incorporated.
