On 05/23/2011 11:54 AM, Daniel P. Berrange wrote: >> Try gnutls_priority_set. What did you use >> gnutls_certificate_type_set_priority for? It is rare to really >> need it, a call to gnutls_set_default_priority() is usually >> sufficient. > Agreed, our current use of gnutls_certificate_type_set_priority is > bogus and can/should be removed, leaving just set_default_priority > calls. If you expect random (other than gnutls/openssl/nss) TLS implementations to connect to you (or you plan to connect to them), then the set_default_priority() might not be enough. I tried to sketch the reasons at: http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.html#Compatibility-Issues In those cases you might want to have some options configurable. regards, Nikos -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list