Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> writes: > On 05/23/2011 11:54 AM, Daniel P. Berrange wrote: > >>> Try gnutls_priority_set. What did you use >>> gnutls_certificate_type_set_priority for? It is rare to really >>> need it, a call to gnutls_set_default_priority() is usually >>> sufficient. >> Agreed, our current use of gnutls_certificate_type_set_priority is >> bogus and can/should be removed, leaving just set_default_priority >> calls. > > If you expect random (other than gnutls/openssl/nss) TLS implementations > to connect to you (or you plan to connect to them), then the > set_default_priority() might not be enough. I tried to sketch the > reasons at: > http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.html#Compatibility-Issues > > In those cases you might want to have some options configurable. Yes, it would be nice if libvirt had a configuration knob for user to specify the priority string. However, as I understand it, libvirt only talks to its own implementation, and doesn't need to be compatible with any browser SSL legacy. So you probably don't need to use any compatibility settings at all. /Simon -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list