31
31
.SS TLS/SSL control options
32
32
.IP "\-\-priority \fIPRIORITY STRING\fR"
33
33
TLS algorithms and protocols to enable.
34
Unless the first keyword is "NONE" the defaults are:
36
Protocols: TLS1.1, TLS1.0, and SSL3.0.
40
Certificate types: X.509, OpenPGP.
42
You can also use predefined sets of ciphersuites such as:
34
You can use predefined sets of ciphersuites such as:
45
37
all the "secure" ciphersuites are enabled, limited to 128 bit
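Review bot: The replacement at new line 34 drops the statement of what is enabled when the priority string does not start with "NONE" (the removed "Unless the first keyword is "NONE" the defaults are:" block listing TLS1.1, TLS1.0 and SSL3.0 and the X.509 and OpenPGP certificate types), and nothing in this hunk says where the defaults are now documented. Because the removed list included SSL3.0, a reader of the new text cannot tell from the man page whether it is still on by default. Consider adding a sentence after "TLS algorithms and protocols to enable." that either states the current defaults or names the manual section that does.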
66
58
nothing is enabled. This disables even protocols and
67
59
compression methods.
72
"!" or "-" appended with an algorithm will remove this algorithm.
74
"+" appended with an algorithm will add this algorithm.
76
"%COMPAT" will enable compatibility features for a server.
78
"%UNSAFE_RENEGOTIATION" Permits (re-)handshakes even unsafe ones.
80
"%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and servers not
81
supporting the safe renegotiation extension. (default)
83
"%SAFE_RENEGOTIATION" will enable safe renegotiation. This is the most
84
secure and recommended option for clients. However this will prevent from
85
connecting to legacy servers.
87
To avoid collisions in order to specify a compression algorithm in
88
this string you have to prefix it with "COMP-", protocol versions
89
with "VERS-" and certificate types with "CTYPE-". All other
90
algorithms don't need a prefix.
62
Check the GnuTLS manual on section "Priority strings" for
63
more information on allowed keywords.
100
"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
69
"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
71
"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
73
"SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
74
enabled, SSL3.0 is disabled, and libz compression enabled.
76
"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1"
78
"NORMAL:%COMPAT" is the most compatible mode
102
80
.IP "\-g, \-\-generate"
103
81
Generate Diffie-Hellman Parameters.
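Review bot: The examples added at new lines 69-78 rely on syntax whose explanation this hunk deletes: the "+", "-" and "!" operators, the "VERS-", "COMP-" and "CTYPE-" prefixes, and "%COMPAT" in "NORMAL:%COMPAT". The pointer to the GnuTLS manual at new lines 62-63 covers the full keyword list, but a short summary of the operators and prefixes should stay so the examples can be read from the man page alone. The removed text was also the only place that named the default renegotiation behaviour ("%PARTIAL_RENEGOTIATION" ... "(default)"), so a one-line mention of it is worth keeping. The examples at new lines 69 and 76 have no "means ..." gloss, unlike the ones at 71 and 73.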
134
112
.BR gnutls\-cli\-debug (1)
137
Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
115
Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see
138
116
/usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
140
118
This manual page was written by Ivo Timmermans <ivo@debian.org>, for