1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

tls13-docs: mention it is only for OpenSSL >= 1.1.1

Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
This commit is contained in:
Daniel Stenberg 2019-05-27 08:01:18 +02:00
parent ca09d96574
commit 7e590b3ecd
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
6 changed files with 23 additions and 6 deletions

View File

@ -6,11 +6,12 @@ and
[`--ciphers`](https://curl.haxx.se/docs/manpage.html#--ciphers) [`--ciphers`](https://curl.haxx.se/docs/manpage.html#--ciphers)
users can control which ciphers to consider when negotiating TLS connections. users can control which ciphers to consider when negotiating TLS connections.
TLS 1.3 ciphers are supported since curl 7.61 with options TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options
[`CURLOPT_TLS13_CIPHERS`](https://curl.haxx.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) [`CURLOPT_TLS13_CIPHERS`](https://curl.haxx.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html)
and and
[`--tls13-ciphers`](https://curl.haxx.se/docs/manpage.html#--tls13-ciphers) [`--tls13-ciphers`](https://curl.haxx.se/docs/manpage.html#--tls13-ciphers)
. . If you are using a different SSL backend you can try setting TLS 1.3 cipher
suites by using the respective regular cipher option.
The names of the known ciphers differ depending on which TLS backend that The names of the known ciphers differ depending on which TLS backend that
libcurl was built to use. This is an attempt to list known cipher names. libcurl was built to use. This is an attempt to list known cipher names.

View File

@ -9,4 +9,8 @@ ciphers. Read up on TLS 1.3 cipher suite details on this URL:
https://curl.haxx.se/docs/ssl-ciphers.html https://curl.haxx.se/docs/ssl-ciphers.html
This option is currently used only when curl is built to use OpenSSL 1.1.1 or
later. If you are using a different SSL backend you can try setting TLS 1.3
cipher suites by using the --proxy-ciphers option.
If this option is used several times, the last one will be used. If this option is used several times, the last one will be used.

View File

@ -9,4 +9,8 @@ cipher suite details on this URL:
https://curl.haxx.se/docs/ssl-ciphers.html https://curl.haxx.se/docs/ssl-ciphers.html
This option is currently used only when curl is built to use OpenSSL 1.1.1 or
later. If you are using a different SSL backend you can try setting TLS 1.3
cipher suites by using the --ciphers option.
If this option is used several times, the last one will be used. If this option is used several times, the last one will be used.

View File

@ -37,6 +37,10 @@ You'll find more details about cipher lists on this URL:
https://curl.haxx.se/docs/ssl-ciphers.html https://curl.haxx.se/docs/ssl-ciphers.html
This option is currently used only when curl is built to use OpenSSL 1.1.1 or
later. If you are using a different SSL backend you can try setting TLS 1.3
cipher suites by using the CURLOPT_PROXY_SSL_CIPHER_LIST option.
The application does not have to keep the string around after setting this The application does not have to keep the string around after setting this
option. option.
.SH DEFAULT .SH DEFAULT

View File

@ -36,6 +36,10 @@ You'll find more details about cipher lists on this URL:
https://curl.haxx.se/docs/ssl-ciphers.html https://curl.haxx.se/docs/ssl-ciphers.html
This option is currently used only when curl is built to use OpenSSL 1.1.1 or
later. If you are using a different SSL backend you can try setting TLS 1.3
cipher suites by using the CURLOPT_SSL_CIPHER_LIST option.
The application does not have to keep the string around after setting this The application does not have to keep the string around after setting this
option. option.
.SH DEFAULT .SH DEFAULT

View File

@ -335,8 +335,8 @@ static const struct helptxt helptext[] = {
"SPNEGO proxy service name"}, "SPNEGO proxy service name"},
{" --proxy-ssl-allow-beast", {" --proxy-ssl-allow-beast",
"Allow security flaw for interop for HTTPS proxy"}, "Allow security flaw for interop for HTTPS proxy"},
{" --proxy-tls13-ciphers <ciphersuite list>", {" --proxy-tls13-ciphers <list>",
"TLS 1.3 proxy cipher suites"}, "TLS 1.3 ciphersuites for proxy (OpenSSL)"},
{" --proxy-tlsauthtype <type>", {" --proxy-tlsauthtype <type>",
"TLS authentication type for HTTPS proxy"}, "TLS authentication type for HTTPS proxy"},
{" --proxy-tlspassword <string>", {" --proxy-tlspassword <string>",
@ -445,8 +445,8 @@ static const struct helptxt helptext[] = {
"Transfer based on a time condition"}, "Transfer based on a time condition"},
{" --tls-max <VERSION>", {" --tls-max <VERSION>",
"Set maximum allowed TLS version"}, "Set maximum allowed TLS version"},
{" --tls13-ciphers <list of TLS 1.3 ciphersuites>", {" --tls13-ciphers <list>",
"TLS 1.3 cipher suites to use"}, "TLS 1.3 ciphersuites (OpenSSL)"},
{" --tlsauthtype <type>", {" --tlsauthtype <type>",
"TLS authentication type"}, "TLS authentication type"},
{" --tlspassword", {" --tlspassword",