GnuTLS 3.6.9 introduced a system-wide configuration of the library
which can be used to disable or mark algorithms and protocols as insecure
system-wide, overriding the library defaults. The format of this
configuration file is of an INI file, with the hash (’#’) allowed for
commenting. It intentionally does not allow switching algorithms or protocols
which were disabled or marked as insecure during compile time to the secure
set. This is to prevent the feature from being used to attack the system.
Unknown options or sections in the configuration file are skipped unless
the environment variable
set to 1, where it would cause the library to exit on unknown options.
The location of the default configuration file is
but its actual location may be overriden during compile time or at run-time
GNUTLS_SYSTEM_PRIORITY_FILE environment variable. The file
used can be queried using gnutls_get_system_config_file.
Returns the filename of the system wide configuration file loaded by the library. The returned pointer is valid until the library is unloaded.
Returns: a constant pointer to the config file loaded, or
NULL if none
|• Application-specific priority strings:|
|• Disabling algorithms and protocols:|
|• Querying for disabled algorithms and protocols:|
|• Overriding the parameter verification profile:|