mirror of
https://github.com/moparisthebest/curl
synced 2025-02-28 09:21:50 -05:00
wolfssl: support setting cipher list
This commit is contained in:
Dan Fandrich
parent
5d7a7fcdcb
commit
bbee0d4eee
113
docs/CIPHERS.md
113
docs/CIPHERS.md
@ -311,3 +311,116 @@ but libcurl maps them to the following case-insensitive names.
|
||||
`aes256-sha256`
|
||||
`aes128-gcm-sha256`
|
||||
`aes256-gcm-sha384`
|
||||
|
||||
## WolfSSL
|
||||
|
||||
`RC4-SHA`,
|
||||
`RC4-MD5`,
|
||||
`DES-CBC3-SHA`,
|
||||
`AES128-SHA`,
|
||||
`AES256-SHA`,
|
||||
`NULL-SHA`,
|
||||
`NULL-SHA256`,
|
||||
`DHE-RSA-AES128-SHA`,
|
||||
`DHE-RSA-AES256-SHA`,
|
||||
`DHE-PSK-AES256-GCM-SHA384`,
|
||||
`DHE-PSK-AES128-GCM-SHA256`,
|
||||
`PSK-AES256-GCM-SHA384`,
|
||||
`PSK-AES128-GCM-SHA256`,
|
||||
`DHE-PSK-AES256-CBC-SHA384`,
|
||||
`DHE-PSK-AES128-CBC-SHA256`,
|
||||
`PSK-AES256-CBC-SHA384`,
|
||||
`PSK-AES128-CBC-SHA256`,
|
||||
`PSK-AES128-CBC-SHA`,
|
||||
`PSK-AES256-CBC-SHA`,
|
||||
`DHE-PSK-AES128-CCM`,
|
||||
`DHE-PSK-AES256-CCM`,
|
||||
`PSK-AES128-CCM`,
|
||||
`PSK-AES256-CCM`,
|
||||
`PSK-AES128-CCM-8`,
|
||||
`PSK-AES256-CCM-8`,
|
||||
`DHE-PSK-NULL-SHA384`,
|
||||
`DHE-PSK-NULL-SHA256`,
|
||||
`PSK-NULL-SHA384`,
|
||||
`PSK-NULL-SHA256`,
|
||||
`PSK-NULL-SHA`,
|
||||
`HC128-MD5`,
|
||||
`HC128-SHA`,
|
||||
`HC128-B2B256`,
|
||||
`AES128-B2B256`,
|
||||
`AES256-B2B256`,
|
||||
`RABBIT-SHA`,
|
||||
`NTRU-RC4-SHA`,
|
||||
`NTRU-DES-CBC3-SHA`,
|
||||
`NTRU-AES128-SHA`,
|
||||
`NTRU-AES256-SHA`,
|
||||
`AES128-CCM-8`,
|
||||
`AES256-CCM-8`,
|
||||
`ECDHE-ECDSA-AES128-CCM`,
|
||||
`ECDHE-ECDSA-AES128-CCM-8`,
|
||||
`ECDHE-ECDSA-AES256-CCM-8`,
|
||||
`ECDHE-RSA-AES128-SHA`,
|
||||
`ECDHE-RSA-AES256-SHA`,
|
||||
`ECDHE-ECDSA-AES128-SHA`,
|
||||
`ECDHE-ECDSA-AES256-SHA`,
|
||||
`ECDHE-RSA-RC4-SHA`,
|
||||
`ECDHE-RSA-DES-CBC3-SHA`,
|
||||
`ECDHE-ECDSA-RC4-SHA`,
|
||||
`ECDHE-ECDSA-DES-CBC3-SHA`,
|
||||
`AES128-SHA256`,
|
||||
`AES256-SHA256`,
|
||||
`DHE-RSA-AES128-SHA256`,
|
||||
`DHE-RSA-AES256-SHA256`,
|
||||
`ECDH-RSA-AES128-SHA`,
|
||||
`ECDH-RSA-AES256-SHA`,
|
||||
`ECDH-ECDSA-AES128-SHA`,
|
||||
`ECDH-ECDSA-AES256-SHA`,
|
||||
`ECDH-RSA-RC4-SHA`,
|
||||
`ECDH-RSA-DES-CBC3-SHA`,
|
||||
`ECDH-ECDSA-RC4-SHA`,
|
||||
`ECDH-ECDSA-DES-CBC3-SHA`,
|
||||
`AES128-GCM-SHA256`,
|
||||
`AES256-GCM-SHA384`,
|
||||
`DHE-RSA-AES128-GCM-SHA256`,
|
||||
`DHE-RSA-AES256-GCM-SHA384`,
|
||||
`ECDHE-RSA-AES128-GCM-SHA256`,
|
||||
`ECDHE-RSA-AES256-GCM-SHA384`,
|
||||
`ECDHE-ECDSA-AES128-GCM-SHA256`,
|
||||
`ECDHE-ECDSA-AES256-GCM-SHA384`,
|
||||
`ECDH-RSA-AES128-GCM-SHA256`,
|
||||
`ECDH-RSA-AES256-GCM-SHA384`,
|
||||
`ECDH-ECDSA-AES128-GCM-SHA256`,
|
||||
`ECDH-ECDSA-AES256-GCM-SHA384`,
|
||||
`CAMELLIA128-SHA`,
|
||||
`DHE-RSA-CAMELLIA128-SHA`,
|
||||
`CAMELLIA256-SHA`,
|
||||
`DHE-RSA-CAMELLIA256-SHA`,
|
||||
`CAMELLIA128-SHA256`,
|
||||
`DHE-RSA-CAMELLIA128-SHA256`,
|
||||
`CAMELLIA256-SHA256`,
|
||||
`DHE-RSA-CAMELLIA256-SHA256`,
|
||||
`ECDHE-RSA-AES128-SHA256`,
|
||||
`ECDHE-ECDSA-AES128-SHA256`,
|
||||
`ECDH-RSA-AES128-SHA256`,
|
||||
`ECDH-ECDSA-AES128-SHA256`,
|
||||
`ECDHE-RSA-AES256-SHA384`,
|
||||
`ECDHE-ECDSA-AES256-SHA384`,
|
||||
`ECDH-RSA-AES256-SHA384`,
|
||||
`ECDH-ECDSA-AES256-SHA384`,
|
||||
`ECDHE-RSA-CHACHA20-POLY1305`,
|
||||
`ECDHE-ECDSA-CHACHA20-POLY1305`,
|
||||
`DHE-RSA-CHACHA20-POLY1305`,
|
||||
`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
|
||||
`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
|
||||
`DHE-RSA-CHACHA20-POLY1305-OLD`,
|
||||
`ADH-AES128-SHA`,
|
||||
`QSH`,
|
||||
`RENEGOTIATION-INFO`,
|
||||
`IDEA-CBC-SHA`,
|
||||
`ECDHE-ECDSA-NULL-SHA`,
|
||||
`ECDHE-PSK-NULL-SHA256`,
|
||||
`ECDHE-PSK-AES128-CBC-SHA256`,
|
||||
`PSK-CHACHA20-POLY1305`,
|
||||
`ECDHE-PSK-CHACHA20-POLY1305`,
|
||||
`DHE-PSK-CHACHA20-POLY1305`,
|
||||
`EDH-RSA-DES-CBC3-SHA`,
|
||||
|
||||
@ -46,6 +46,9 @@ For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5',
|
||||
\'rsa_aes_128_sha\', etc. With NSS you don't add/remove ciphers. If one uses
|
||||
this option then all known ciphers are disabled and only those passed in are
|
||||
enabled.
|
||||
|
||||
For WolfSSL, valid examples of cipher lists include
|
||||
\'ECDHE-RSA-RC4-SHA\', 'AES256-SHA:AES256-SHA256', etc.
|
||||
.SH DEFAULT
|
||||
NULL, use internal default
|
||||
.SH PROTOCOLS
|
||||
|
||||
@ -134,6 +134,7 @@ cyassl_connect_step1(struct connectdata *conn,
|
||||
int sockindex)
|
||||
{
|
||||
char error_buffer[CYASSL_MAX_ERROR_SZ];
|
||||
char *ciphers;
|
||||
struct Curl_easy *data = conn->data;
|
||||
struct ssl_connect_data* conssl = &conn->ssl[sockindex];
|
||||
SSL_METHOD* req_method = NULL;
|
||||
@ -229,6 +230,15 @@ cyassl_connect_step1(struct connectdata *conn,
|
||||
break;
|
||||
}
|
||||
|
||||
ciphers = SSL_CONN_CONFIG(cipher_list);
|
||||
if(ciphers) {
|
||||
if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) {
|
||||
failf(data, "failed setting cipher list: %s", ciphers);
|
||||
return CURLE_SSL_CIPHER;
|
||||
}
|
||||
infof(data, "Cipher selection: %s\n", ciphers);
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
/* load trusted cacert */
|
||||
if(SSL_CONN_CONFIG(CAfile)) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user