Gnutls allows TLS ciphersuit configuration to be systemwide. On Gentoo, that configuration lives in /etc/gnutls/config, which is unchanged default. Apps using gnutls are encouraged to rely on centralized config, see https://gitlab.com/libvirt/libvirt/-/issues/66 for details. Reproducible: Always
Created attachment 666383 [details, diff] patch for ebuild Attached patch allows using systemwide configuration in addition to an app specific configuration that may be deprecated in the future.
Please see discussion in https://bugs.gentoo.org/747928 as well... for this to work properly, an ebuild needs to install /etc/gnutls/config with: [priorities] LIBVIRT = NORMAL as well.
Anyone interested in this: Would you mind opening a pull request for the suggested changes on github?
(In reply to Vjaceslavs Klimovs from comment #0) > Gnutls allows TLS ciphersuit configuration to be systemwide. On Gentoo, that > configuration lives in /etc/gnutls/config, which is unchanged default. Apps > using gnutls are encouraged to rely on centralized config, see > > https://gitlab.com/libvirt/libvirt/-/issues/66 > > for details. > > Reproducible: Always I am hesitant to apply this patch. Would you mind trying MYMESONARGS='-Dtls_priority="@LIBVIRT,NORMAL"' emerge -1 libvirt If that works, you can make this change more permanent by using the portage.env facility.