From i.ivanov at ivde.bg Tue Dec 21 11:04:06 2021
From: i.ivanov at ivde.bg (Ivaylo M. Ivanov)
Date: Tue, 21 Dec 2021 12:04:06 +0200
Subject: [gnutls-help] gnutls-file.config rockylinux 8.5
Message-ID: <4e8b2a46-628a-6fbd-6ab9-c023d5b3cd63@ivde.bg>

Hello everybody.

Can anyone help me with this problem? Why are these lines in gnutls.config

EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128
@EXAMPLE-PRIORITY:-VERS-TLS1.0:-VERS-TLS1.1

not excluding TLS1.1 in
gnutls-cli --priority @EXAMPLE-PRIORITY --list

Best wishes,
Ivo

From ueno at gnu.org Tue Dec 21 11:58:07 2021
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 21 Dec 2021 11:58:07 +0100
Subject: [gnutls-help] gnutls-file.config rockylinux 8.5
In-Reply-To: <4e8b2a46-628a-6fbd-6ab9-c023d5b3cd63@ivde.bg> (Ivaylo M. Ivanov's message of "Tue, 21 Dec 2021 12:04:06 +0200")
References: <4e8b2a46-628a-6fbd-6ab9-c023d5b3cd63@ivde.bg>
Message-ID: <87bl1amdhc.fsf-ueno@gnu.org>

Hello Ivaylo,

"Ivaylo M. Ivanov" writes:

> Can anyone help me with this problem? Why are these lines in gnutls.config
>
> EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128
> @EXAMPLE-PRIORITY:-VERS-TLS1.0:-VERS-TLS1.1

Do you mean both lines are put in gnutls.config (it's not supposed to
work)?

> not excluding TLS1.1 in
> gnutls-cli --priority @EXAMPLE-PRIORITY --list

The @-syntax is used to refer to a priority defined in the config file. In
this case, the above command is expanded to:

  gnutls-cli --priority NORMAL:+ARCFOUR-128 --list

If you have the following line instead in gnutls.config:

  EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1

TLS 1.1 would be excluded.

Regards,
-- 
Daiki Ueno

From i.ivanov at ivde.bg Tue Dec 21 12:40:31 2021
From: i.ivanov at ivde.bg (Ivaylo M. Ivanov)
Date: Tue, 21 Dec 2021 13:40:31 +0200
Subject: [gnutls-help] gnutls-file.config rockylinux 8.5
In-Reply-To: <87bl1amdhc.fsf-ueno@gnu.org>
References: <4e8b2a46-628a-6fbd-6ab9-c023d5b3cd63@ivde.bg> <87bl1amdhc.fsf-ueno@gnu.org>
Message-ID: <943ce9fa-28f3-23bc-4452-612a02c8c081@ivde.bg>

Thanks for the answer.

The problem is that the update-crypto-policies package of rockylinux, on
update, overwrites gnutls.config with its default. This package
(update-crypto-policies) has functionality to add a custom string on update
to the end of the default gnutls.config file.

The default gnutls.config contains only one line, according to the selected
policy:

SYSTEM=NONE:.......................................................

I am trying to exclude directives
(-3DES-CBC:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1) from this SYSTEM line.
I can't add a string to the end of the SYSTEM priority string. I can only
add an additional file to the end of gnutls.config.

I did it with update-crypto-policies' subpolicy, but it affects all system
crypto libraries, and I only want to affect gnutls.

Regards,
Ivo

On 21.12.2021 12:58, Daiki Ueno wrote:
> Hello Ivaylo,
>
> "Ivaylo M. Ivanov" writes:
>
>> Can anyone help me with this problem? Why are these lines in gnutls.config
>>
>> EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128
>> @EXAMPLE-PRIORITY:-VERS-TLS1.0:-VERS-TLS1.1
> Do you mean both lines are put in gnutls.config (it's not supposed to
> work)?
>
>> not excluding TLS1.1 in
>> gnutls-cli --priority @EXAMPLE-PRIORITY --list
> The @-syntax is used to refer to a priority defined in the config file. In
> this case, the above command is expanded to:
>
>   gnutls-cli --priority NORMAL:+ARCFOUR-128 --list
>
> If you have the following line instead in gnutls.config:
>
>   EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1
>
> TLS 1.1 would be excluded.
>
> Regards,

-- 
i.ivanov at ivde.bg
Mobile: 0887 580 355
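
The expansion described in Daiki Ueno's reply, as an added example that is not part of the original thread and is not GnuTLS code: a small Python check that models `NAME=value` definitions and a bare `@NAME` reference, and reports which `-VERS-*` removals never reach the expanded string. The function names, the `#` comment handling and the sample config text are assumptions made for the illustration.

```python
import re

# Constructed sample: the two lines from the question, as they would sit in gnutls.config.
SAMPLE_CONFIG = """\
EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128
@EXAMPLE-PRIORITY:-VERS-TLS1.0:-VERS-TLS1.1
"""
# The single-line form suggested in the reply.
FIXED_CONFIG = "EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1\n"

DEFINITION = re.compile(r"^([A-Za-z0-9_-]+)\s*=\s*(\S+)$")

def parse_config(text):
    """Split config text into NAME=value definitions and lines that define nothing."""
    definitions, not_definitions = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comment syntax is an assumption
            continue
        match = DEFINITION.match(line)
        if match:
            definitions[match.group(1)] = match.group(2)
        else:
            not_definitions.append((lineno, line))
    return definitions, not_definitions

def expand(reference, definitions):
    """Resolve a bare @NAME reference (the only form modelled here)."""
    if not reference.startswith("@"):
        return reference
    return definitions[reference[1:]]

def audit(config_text, reference, must_remove):
    """Report what the reference expands to and which -VERS-* removals are missing."""
    definitions, not_definitions = parse_config(config_text)
    expanded = expand(reference, definitions)
    removed = {t[len("-VERS-"):] for t in expanded.split(":") if t.startswith("-VERS-")}
    return {"expanded": expanded,
            "not_definitions": not_definitions,
            "missing_removals": sorted(set(must_remove) - removed)}

if __name__ == "__main__":
    for label, text in (("question", SAMPLE_CONFIG), ("reply", FIXED_CONFIG)):
        print(label, audit(text, "@EXAMPLE-PRIORITY", ["TLS1.0", "TLS1.1"]))
```

The check only looks at explicit removal tokens and knows nothing about what keywords such as `NORMAL` enable, so the output of `gnutls-cli --priority @EXAMPLE-PRIORITY --list` remains the authoritative result.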