When necessary applications can query whether a particular algorithm or protocol has been marked as insecure or disabled system-wide. Digital signatures can be queried using the following algorithms.
unsigned gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
unsigned gnutls_sign_is_secure2 (gnutls_sign_algorithm_t algorithm, unsigned int flags)
Any disabled protocol versions or elliptic curves will not show up in the lists provided by the following functions.
const gnutls_protocol_t * gnutls_protocol_list ( void)
const gnutls_group_t * gnutls_group_list ( void)
const gnutls_ecc_curve_t * gnutls_ecc_curve_list ( void)
It is not possible to query for insecure hash algorithms directly (only indirectly through the signature API).