Next: Overriding the default priority string, Previous: Querying for disabled algorithms and protocols, Up: System-wide configuration of the library [Contents][Index]
When verifying a certificate or TLS session parameters, GnuTLS uses a set
of profiles associated with the session to determine whether the parameters
seen in the session are acceptable. For example, whether the RSA public key
size as seen on the wire, or the Diffie-Hellman parameters for the session.
These profiles are normally set using the
%PROFILE priority string
(see Priority Strings and Selecting cryptographic key sizes).
It is possible to set the low bar profile that applications cannot override using the following.
[overrides] # do not allow applications use the LOW or VERY-WEAK profiles. min-verification-profile = legacy