Next: , Previous: , Up: System-wide configuration of the library   [Contents][Index]

8.3 Querying for disabled algorithms and protocols

When necessary applications can query whether a particular algorithm or protocol has been marked as insecure or disabled system-wide. Digital signatures can be queried using the following algorithms.

unsigned gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
unsigned gnutls_sign_is_secure2 (gnutls_sign_algorithm_t algorithm, unsigned int flags)

Any disabled protocol versions or elliptic curves will not show up in the lists provided by the following functions.

const gnutls_protocol_t * gnutls_protocol_list ( void)
const gnutls_group_t * gnutls_group_list ( void)
const gnutls_ecc_curve_t * gnutls_ecc_curve_list ( void)

It is not possible to query for insecure hash algorithms directly (only indirectly through the signature API).