[gnutls-help] priority strings

Jeremy Harris jgh at wizmail.org
Mon Aug 20 14:33:40 CEST 2018

On 08/13/2018 07:25 AM, Nikos Mavrogiannopoulos wrote:
> Maybe we should document that the none + build up approach is
> version-specific and cannot be guaranteed to work on protocol updates,
> or across minor gnutls version updates. That was not the original
> intention, but in practice over every TLS update (1.1 -> 1.2 -> 1.3)
> these strings that were derived from none broke.
>> How about
> That is certainly much better, but from the perspective of someone who
> has seen numerous of these priority strings in applications, I'd
> really recommend using the defaults.

The use-case here is for testing an application.  So I need
to be able to set odd combinations, for example to check
what happens at application level when the TLS connect
fails for lack of compatible key-exchange.

Having to make the testsuite tls-library-version aware
would be sucky.

Also fails, presumably for equivalent reasons:

gnutls_priority_init(NORMAL:!MAC-ALL:+MD5) failed at offset 0,
"NORMAL.."): No or insufficient priorities were set.

