[ClusterLabs] Coming in pacemaker 3.0.2: Deprecating support for specifying Diffie-Hellman parameters

Chris Lumens clumens at redhat.com
Wed May 6 14:02:59 UTC 2026


For a while now, Pacemaker has supported specifying your own 
Diffie-Hellman parameters on the server end of a Pacemaker Remote or 
remote CIB administration connection.  The purpose of this is to allow 
the server to communicate with older clients.

As part of cleaning up our TLS-related code a bit, I have decided to 
deprecate this support.  There are a couple of factors at work here:

* gnutls >= 3.6 no longer recommends using the functions that we're 
using to do this.  It will instead negotiate the parameters between 
client and server in accordance with RFC7919.  I expect that at some 
point, they will remove these functions entirely which will force the 
issue for us.

* We will be bumping our minimum gnutls build requirement shortly.  It's 
currently 3.4.6, but we'll be bumping it several versions to make use of 
some other new stuff.  See https://projects.clusterlabs.org/T1 for details.

* gnutls 3.6 was released in 2017, and I have to go all the way back to 
RHEL 7 to find a RH release that included an older version.

I think the only use case that will be affected by this change is 
Pacemaker Remote nodes running an OS that shipped gnutls < 3.6 talking 
to a cluster that is running Pacemaker >= 3.0.2.  In other words, a RHEL 
7 era remote node and a RHEL 10.something era cluster.

I expect very few, if any, people will actually be affected.  If you 
are, please speak up and we can look at what the timeframe for removing 
this support should be.  For the moment, it's only deprecated but still 
functional.

- Chris
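The first bullet above says that gnutls now negotiates finite-field DH parameters with the client per RFC 7919 instead of using parameters the server loads itself. The following is an added example, not code from Pacemaker or gnutls: it models the server-side selection rule from RFC 7919 section 4 over the body of a TLS supported_groups extension, including the two cases the announcement cares about, a client that lists FFDHE groups (negotiate one) and an older client that lists none (the only case where server-supplied parameters, the deprecated path, still apply). The server preference list and the three sample extension bodies are constructed for the example.

```c
/* Added example (not Pacemaker or gnutls code): a model of the RFC 7919
 * server-side rule for choosing finite-field DH parameters from the
 * client's supported_groups extension. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Named-group codepoints: FFDHE from RFC 7919 section 2, EC from RFC 8422. */
enum {
    GROUP_SECP256R1 = 23,
    GROUP_X25519    = 29,
    GROUP_FFDHE2048 = 256,
    GROUP_FFDHE3072 = 257,
    GROUP_FFDHE4096 = 258,
    GROUP_FFDHE6144 = 259,
    GROUP_FFDHE8192 = 260
};

/* Outcome of the server's DH-parameter decision. */
enum dh_choice {
    DH_USE_RFC7919_GROUP,  /* use the negotiated FFDHE group written to *group */
    DH_USE_LEGACY_PARAMS,  /* pre-RFC 7919 client: server-supplied parameters */
    DH_NO_FFDHE,           /* client offered FFDHE groups, none acceptable to us */
    DH_MALFORMED           /* extension body did not parse */
};

/* Server preference, strongest first (constructed for the example). */
static const uint16_t server_ffdhe_pref[] = {
    GROUP_FFDHE4096, GROUP_FFDHE3072, GROUP_FFDHE2048
};

/* Parse a supported_groups extension body (RFC 8422 section 5.1.1): a 2-byte
 * list length followed by that many bytes of 2-byte group codepoints.
 * Returns the number of groups stored in out, or -1 on malformed input. */
int parse_supported_groups(const uint8_t *body, size_t len,
                           uint16_t *out, size_t max_out)
{
    if (len < 2) return -1;
    size_t list_len = ((size_t)body[0] << 8) | body[1];
    if (list_len % 2 != 0 || list_len + 2 != len) return -1;
    size_t n = list_len / 2;
    if (n > max_out) return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint16_t)((body[2 + 2 * i] << 8) | body[3 + 2 * i]);
    return (int)n;
}

/* RFC 7919 section 4: if the client lists any FFDHE codepoint (256..511,
 * whether or not the server knows it), the server must use one of the
 * client's FFDHE groups it supports or do no FFDHE at all. Only a client
 * that lists no FFDHE codepoint (or sends no extension) may be given
 * server-chosen parameters, which is the legacy path being deprecated. */
enum dh_choice choose_dh(const uint8_t *ext, size_t ext_len, uint16_t *group)
{
    uint16_t groups[64];
    if (ext == NULL) return DH_USE_LEGACY_PARAMS;
    int n = parse_supported_groups(ext, ext_len, groups, 64);
    if (n < 0) return DH_MALFORMED;

    int client_has_ffdhe = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] >= 256 && groups[i] <= 511) client_has_ffdhe = 1;
    if (!client_has_ffdhe) return DH_USE_LEGACY_PARAMS;

    for (size_t p = 0; p < sizeof server_ffdhe_pref / sizeof *server_ffdhe_pref; p++)
        for (int i = 0; i < n; i++)
            if (groups[i] == server_ffdhe_pref[p]) {
                *group = groups[i];
                return DH_USE_RFC7919_GROUP;
            }
    return DH_NO_FFDHE;
}

/* Convenience: the negotiated FFDHE group, or 0 if none was negotiated. */
uint16_t chosen_group(const uint8_t *ext, size_t ext_len)
{
    uint16_t g = 0;
    return choose_dh(ext, ext_len, &g) == DH_USE_RFC7919_GROUP ? g : 0;
}

/* Constructed extension bodies (not captured traffic). */
const uint8_t modern_hello[] = { 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
                                 0x01, 0x00, 0x01, 0x01 };   /* x25519, P-256, ffdhe2048, ffdhe3072 */
const uint8_t legacy_hello[] = { 0x00, 0x04, 0x00, 0x17, 0x00, 0x1d }; /* P-256, x25519 only */
const uint8_t ffdhe8192_only[] = { 0x00, 0x02, 0x01, 0x04 };            /* ffdhe8192 only */
const uint8_t truncated[] = { 0x00, 0x04, 0x00, 0x17 };                 /* length claims 4, has 2 */

int main(void)
{
    uint16_t g = 0;
    printf("modern client  -> choice %d, group %u\n",
           choose_dh(modern_hello, sizeof modern_hello, &g), g);
    printf("legacy client  -> choice %d\n",
           choose_dh(legacy_hello, sizeof legacy_hello, &g));
    printf("ffdhe8192 only -> choice %d\n",
           choose_dh(ffdhe8192_only, sizeof ffdhe8192_only, &g));
    printf("truncated      -> choice %d\n",
           choose_dh(truncated, sizeof truncated, &g));
    return 0;
}
```

The server walks its own preference list rather than the client's order, which is how a server normally resolves overlapping group lists; the point to notice is that a client offering only an FFDHE group the server does not accept gets no FFDHE at all rather than a fallback to server-loaded parameters, while a client that offers no FFDHE codepoint is the only one for which the deprecated server-side parameter functions would still matter.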


