diff --git a/docs/curl.1 b/docs/curl.1 index ff1ff5748..2846b6938 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -562,6 +562,15 @@ or no response at all is received, the verification fails. This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. (Added in 7.41.0) +.IP "--false-start" + +(SSL) Tells curl to use false start during the TLS handshake. False start is a +mode where a TLS client will start sending application data before verifying +the server's Finished message, thus saving a round trip when performing a full +handshake. + +This is currently only implemented in the NSS backend. +(Added in 7.42.0) .IP "-f, --fail" (HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 4008cd0c2..e851130f4 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -207,6 +207,8 @@ struct OperationConfig { bool noalpn; /* enable/disable TLS ALPN extension */ char *unix_socket_path; /* path to Unix domain socket */ + bool falsestart; + struct GlobalConfig *global; struct OperationConfig *prev; struct OperationConfig *next; /* Always last in the struct */ diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 30ad5873e..56aa03050 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -218,6 +218,7 @@ static const struct LongShort aliases[]= { {"Eo", "login-options", TRUE}, {"Ep", "pinnedpubkey", TRUE}, {"Eq", "cert-status", FALSE}, + {"Er", "false-start", FALSE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"Fs", "form-string", TRUE}, @@ -1368,6 +1369,10 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ config->verifystatus = TRUE; break; + case 'r': /* --false-start */ + config->falsestart = TRUE; + break; + default: /* certificate file */ { char *certname, *passphrase; diff --git a/src/tool_help.c b/src/tool_help.c index 4616211f9..69778b91a 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -83,6 +83,7 @@ static const char *const helptext[] = { " --environment Write results to environment variables (RISC OS)", #endif " -f, --fail Fail silently (no output at all) on HTTP errors (H)", + " --false-start Enable TLS False Start.", " -F, --form CONTENT Specify HTTP multipart POST data (H)", " --form-string STRING Specify HTTP multipart POST data (H)", " --ftp-account DATA Account data string (F)", diff --git a/src/tool_operate.c b/src/tool_operate.c index a875f8d4c..e2ae22e54 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1041,6 +1041,9 @@ static CURLcode operate_do(struct GlobalConfig *global, if(config->verifystatus) my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L); + + if(config->falsestart) + my_setopt(curl, CURLOPT_SSL_FALSESTART, 1L); } if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) {