On Mon, Mar 05, 2018 at 01:28:24PM +, Daniel P. Berrangé wrote:
> When generating certificates we rely on GNUTLS' built-in default setup
> for the ciphers used in the certs. We then currently run with the distro
> specific TLS priority setup which can be much stronger, to the extent
> that the
When generating certificates we rely on GNUTLS' built-in default setup
for the ciphers used in the certs. We then currently run with the distro
specific TLS priority setup which can be much stronger, to the extent
that the certificates we generate are considered untrustworthy. We don't
care about t