WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Unverified Commit 050c93c4 authored May 29, 2018 by Daniel Stenberg

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607

parent 5005ade2

docs/CIPHERS.md

+10 −0

Original line number	Diff line number	Diff line
		@@ -142,6 +142,16 @@ libcurl was built to use. This is an attempt to list known cipher names.
		`ECDHE-RSA-CAMELLIA128-SHA256`
		`ECDHE-RSA-CAMELLIA256-SHA384`

		### TLS 1.3 cipher suites

		(Note: the TLS 1.3 cipher suites are set with a separate option.)

		`TLS13-AES-256-GCM-SHA384`
		`TLS13-CHACHA20-POLY1305-SHA256`
		`TLS13-AES-128-GCM-SHA256`
		`TLS13-AES-128-CCM-8-SHA256`
		`TLS13-AES-128-CCM-SHA256`

		## NSS

		### Totally insecure

docs/cmdline-opts/Makefile.inc

+1 −1

Original line number	Diff line number	Diff line
		@@ -47,6 +47,6 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
		tlsv1.3.d tlsv1.d trace-ascii.d trace.d trace-time.d tr-encoding.d \
		unix-socket.d upload-file.d url.d use-ascii.d user-agent.d user.d \
		verbose.d version.d write-out.d xattr.d request-target.d \
		styled-output.d
		styled-output.d tls13-ciphers.d proxy-tls13-ciphers.d

		OTHERPAGES = page-footer page-header

docs/cmdline-opts/proxy-tls13-ciphers.d

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		Long: proxy-tls13-ciphers
		Arg: <ciphersuite list>
		help: TLS 1.3 proxy cipher suites
		Protocols: TLS
		---
		Specifies which cipher suites to use in the connection to your HTTPS proxy
		when it negotiates TLS 1.3. The list of ciphers suites must specify valid
		ciphers. Read up on TLS 1.3 cipher suite details on this URL:

		https://curl.haxx.se/docs/ssl-ciphers.html

		If this option is used several times, the last one will be used.

docs/cmdline-opts/tls13-ciphers.d

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		Long: tls13-ciphers
		Arg: <list of TLS 1.3 ciphersuites>
		help: TLS 1.3 cipher suites to use
		Protocols: TLS
		---
		Specifies which cipher suites to use in the connection if it negotiates TLS
		1.3. The list of ciphers suites must specify valid ciphers. Read up on TLS 1.3
		cipher suite details on this URL:

		https://curl.haxx.se/docs/ssl-ciphers.html

		If this option is used several times, the last one will be used.

docs/libcurl/curl_easy_setopt.3

+4 −0

Original line number	Diff line number	Diff line
		@@ -548,6 +548,10 @@ Identify EGD socket for entropy. See \fICURLOPT_EGDSOCKET(3)\fP
		Ciphers to use. See \fICURLOPT_SSL_CIPHER_LIST(3)\fP
		.IP CURLOPT_PROXY_SSL_CIPHER_LIST
		Proxy ciphers to use. See \fICURLOPT_PROXY_SSL_CIPHER_LIST(3)\fP
		.IP CURLOPT_TLS13_CIPHERS
		TLS 1.3 cipher suites to use. See \fICURLOPT_TLS13_CIPHERS(3)\fP
		.IP CURLOPT_PROXY_TLS13_CIPHERS
		Proxy TLS 1.3 cipher suites to use. See \fICURLOPT_PROXY_TLS13_CIPHERS(3)\fP
		.IP CURLOPT_SSL_SESSIONID_CACHE
		Disable SSL session-id cache. See \fICURLOPT_SSL_SESSIONID_CACHE(3)\fP
		.IP CURLOPT_SSL_OPTIONS