[gnutls-help] gnutls-file.config rockylinux 8.5
Ivaylo M. Ivanov
i.ivanov at ivde.bg
Tue Dec 21 12:40:31 CET 2021
Thanks for the answer.
The problem is that the update-crypto-policies package of rockylinux, on
update, overwrites gnutls.config with its default.
This package (update-crypto-policies) has functionality to add a custom
string on update to the end of the default gnutls.config file.
The default gnutls.config contains only one line, according to the selected
policy:
SYSTEM=NONE:.......................................................
I am trying to exclude
directives (-3DES-CBC:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1) from this
SYSTEM line. I can't add a string to the end of the SYSTEM priority string. I can
only add an additional file to the end of gnutls.config.
I did it with update-crypto-policies' subpolicy, but it affects all
system crypto libraries, and I only want to affect gnutls.
Regards,
Ivo
On 21.12.2021 12:58, Daiki Ueno wrote:
> Hello Ivaylo,
>
> "Ivaylo M. Ivanov" <i.ivanov at ivde.bg> writes:
>
>> Can anyone help me with this problem? Why are these lines in gnutls.config
>>
>> EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128
>> @EXAMPLE-PRIORITY:-VERS-TLS1.0:-VERS-TLS1.1
> Do you mean both lines are put in gnutls.config (it's not supposed to
> work)?
>
>> not excluding TLS1.1 in
>> gnutls-cli --priority @EXAMPLE-PRIORITY --list
> The @-syntax is used to refer to a priority defined in the config file. In
> this case, the above command is expanded to:
>
> gnutls-cli --priority NORMAL:+ARCFOUR-128 --list
>
> If you have the following line instead in gnutls.config:
>
> EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1
>
> TLS 1.1 would be excluded.
>
> Regards,
--
With best wishes for successful business,
Ivaylo Ivanov | Systems Engineer
i.ivanov at ivde.bg
Mobile: 0887 580 355 | ИВДЕ Системс ООД
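
Added example, not part of the original thread or of GnuTLS: a shell check that reads a `gnutls-cli --priority ... --list` listing and reports whether SSL 3.0, TLS 1.0 or TLS 1.1 are still enabled, which is the effect the thread is trying to confirm. The function name, the sample listings and the assumed `Protocols:` line format are assumptions of this example.

```shell
#!/bin/sh
# Legacy versions the thread wants removed from the priority string.
LEGACY="VERS-SSL3.0 VERS-TLS1.0 VERS-TLS1.1"

# Reads a --list listing on stdin and prints the legacy versions it enables.
# Assumption: the listing has one line "Protocols: VERS-..., VERS-..., ...".
# Suite rows carry their own version column; it is deliberately not parsed.
# Returns 0 = none enabled, 1 = at least one enabled, 2 = no Protocols line.
legacy_protocols() {
    protos=$(sed -n 's/^Protocols:[[:space:]]*//p' | tr -d ' \r' | tr ',' '\n')
    [ -n "$protos" ] || return 2
    found=""
    for v in $LEGACY; do
        # -x whole-line match, -F fixed string so the dots stay literal
        if printf '%s\n' "$protos" | grep -qxF -- "$v"; then
            found="${found:+$found }$v"
        fi
    done
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed, abbreviated listings (not captured from a real system).
sample_before() {
cat <<'EOF'
Cipher suites for NORMAL:+ARCFOUR-128
TLS_ECDHE_RSA_AES_256_CBC_SHA1    0xc0, 0x14    TLS1.0

Protocols: VERS-TLS1.3, VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2
Ciphers: AES-256-GCM, AES-256-CBC
EOF
}
sample_after() {
cat <<'EOF'
Cipher suites for NORMAL:+ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1
TLS_ECDHE_RSA_AES_256_CBC_SHA1    0xc0, 0x14    TLS1.0

Protocols: VERS-TLS1.3, VERS-TLS1.2, VERS-DTLS1.2
Ciphers: AES-256-GCM, AES-256-CBC
EOF
}

printf 'before: %s\n' "$(sample_before | legacy_protocols || true)"
printf 'after:  %s\n' "$(sample_after | legacy_protocols || true)"
```

On a live system the same function can be fed the real listing, for example `gnutls-cli --priority @EXAMPLE-PRIORITY --list | legacy_protocols`, and its exit status used in a post-update check.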