Unverified Commit 050c93c4 authored by Daniel Stenberg

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
parent 5005ade2
+10 −0
@@ -142,6 +142,16 @@ libcurl was built to use. This is an attempt to list known cipher names.
`ECDHE-RSA-CAMELLIA128-SHA256`
`ECDHE-RSA-CAMELLIA256-SHA384`

### TLS 1.3 cipher suites

(Note: the TLS 1.3 cipher suites are set with a separate option.)

`TLS13-AES-256-GCM-SHA384`
`TLS13-CHACHA20-POLY1305-SHA256`
`TLS13-AES-128-GCM-SHA256`
`TLS13-AES-128-CCM-8-SHA256`
`TLS13-AES-128-CCM-SHA256`

## NSS

### Totally insecure
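Review bot: The note under "### TLS 1.3 cipher suites" says the suites "are set with a separate option" but never names it. Suggest spelling it out, for example "set with --tls13-ciphers / CURLOPT_TLS13_CIPHERS", so a reader who has already restricted ciphers through the existing cipher list option can see that TLS 1.3 needs its own setting. The section also lists the names one per line without saying how several of them are separated when passed as a list; one sentence on the separator would close that gap.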
+1 −1
@@ -47,6 +47,6 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
  tlsv1.3.d tlsv1.d trace-ascii.d trace.d trace-time.d tr-encoding.d    \
  unix-socket.d upload-file.d url.d use-ascii.d user-agent.d user.d     \
  verbose.d version.d write-out.d xattr.d request-target.d              \
  styled-output.d
  styled-output.d tls13-ciphers.d proxy-tls13-ciphers.d

OTHERPAGES = page-footer page-header
+12 −0
Long: proxy-tls13-ciphers
Arg: <ciphersuite list>
help: TLS 1.3 proxy cipher suites
Protocols: TLS
---
Specifies which cipher suites to use in the connection to your HTTPS proxy
when it negotiates TLS 1.3. The list of ciphers suites must specify valid
ciphers. Read up on TLS 1.3 cipher suite details on this URL:

 https://curl.haxx.se/docs/ssl-ciphers.html

If this option is used several times, the last one will be used.
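Review bot: The header block of this new page has Long, Arg, help and Protocols but no Added: line, so the generated manual will not tell users which curl version introduced --proxy-tls13-ciphers. Suggest adding it with the release this lands in. In the description, "The list of ciphers suites" should read "The list of cipher suites".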
+12 −0
Long: tls13-ciphers
Arg: <list of TLS 1.3 ciphersuites>
help: TLS 1.3 cipher suites to use
Protocols: TLS
---
Specifies which cipher suites to use in the connection if it negotiates TLS
1.3. The list of ciphers suites must specify valid ciphers. Read up on TLS 1.3
cipher suite details on this URL:

 https://curl.haxx.se/docs/ssl-ciphers.html

If this option is used several times, the last one will be used.
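Review bot: The Arg placeholder here is "<list of TLS 1.3 ciphersuites>" while the proxy variant uses "<ciphersuite list>"; pick one so the two options render consistently in the help output. The description says the option applies "if it negotiates TLS 1.3" but does not say whether the existing cipher list option still has any effect on a TLS 1.3 connection, or what happens when the TLS backend in use cannot set TLS 1.3 suites. A sentence on each would keep users from assuming an existing cipher restriction also covers TLS 1.3. The same "ciphers suites" typo and missing Added: line apply here as well.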
+4 −0
@@ -548,6 +548,10 @@ Identify EGD socket for entropy. See \fICURLOPT_EGDSOCKET(3)\fP
Ciphers to use. See \fICURLOPT_SSL_CIPHER_LIST(3)\fP
.IP CURLOPT_PROXY_SSL_CIPHER_LIST
Proxy ciphers to use. See \fICURLOPT_PROXY_SSL_CIPHER_LIST(3)\fP
.IP CURLOPT_TLS13_CIPHERS
TLS 1.3 cipher suites to use. See \fICURLOPT_TLS13_CIPHERS(3)\fP
.IP CURLOPT_PROXY_TLS13_CIPHERS
Proxy TLS 1.3 cipher suites to use. See \fICURLOPT_PROXY_TLS13_CIPHERS(3)\fP
.IP CURLOPT_SSL_SESSIONID_CACHE
Disable SSL session-id cache. See \fICURLOPT_SSL_SESSIONID_CACHE(3)\fP
.IP CURLOPT_SSL_OPTIONS
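Review bot: The two new .IP entries land directly after CURLOPT_SSL_CIPHER_LIST and CURLOPT_PROXY_SSL_CIPHER_LIST, whose summaries still read "Ciphers to use" and "Proxy ciphers to use" with no hint that TLS 1.3 suites are configured separately. Consider adjusting those neighbouring summaries, or the new ones, so the split is visible from this index alone. Also confirm that the CURLOPT_TLS13_CIPHERS(3) and CURLOPT_PROXY_TLS13_CIPHERS(3) pages referenced here are added in this commit, since they are not in the visible hunks.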