17 Commits

Author	SHA1	Message	Date
Morten Minde Neergaard	67d3afa73f	schannel: Support strong crypto option ... - Support enabling strong crypto via optional user cipher list when USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list. MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known weak cryptographic algorithms, cipher suites, and SSL/TLS protocol versions that may be otherwise enabled for better interoperability." Ref: https://curl.se/mail/lib-2021-02/0066.html Ref: https://curl.se/docs/manpage.html#--ciphers Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred Closes https://github.com/curl/curl/pull/6734	2021-04-22 17:40:19 -04:00
Daniel Stenberg	4d2f800677	curl.se: new home ... Closes #6172	2020-11-04 23:59:47 +01:00
georgeok	fea0120312	CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH ... If the SSL backend is Schannel and the user specifies an Schannel CALG_ that is not supported by the protocol or the server then curl returns CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. Fixes https://github.com/curl/curl/issues/3389 Closes https://github.com/curl/curl/pull/4106	2019-07-17 01:08:23 -04:00
Daniel Stenberg	7e590b3ecd	tls13-docs: mention it is only for OpenSSL >= 1.1.1 ... Reported-by: Jay Satiro Co-authored-by: Jay Satiro Fixes #3938 Closes #3946	2019-06-02 16:15:45 +02:00
Hubert Kario	319ae9075e	nss: allow to specify TLS 1.3 ciphers if supported by NSS ... Closes #3916	2019-05-27 09:04:09 +02:00
Viktor Szakats	f3e0f071b1	docs: Markdown and misc improvements [ci skip] ... Approved-by: Daniel Stenberg Closes #3896	2019-05-16 22:11:27 +00:00
georgeok	531b7ad43a	schannel: support CALG_ECDH_EPHEM algorithm ... Add support for Ephemeral elliptic curve Diffie-Hellman key exchange algorithm option when selecting ciphers. This became available on the Win10 SDK. Closes https://github.com/curl/curl/pull/3608	2019-02-25 01:38:35 -05:00
Daniel Stenberg	067992baa7	docs/CIPHERS: fix the TLS 1.3 cipher names ... ... picked straight from the OpenSSL man page: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html Reported-by: Ricky-Tigg on github Bug: #3178	2018-10-27 10:46:36 +02:00
Jay Satiro	a023dfa19a	CIPHERS.md: Mention the options used to set TLS 1.3 ciphers ... Closes https://github.com/curl/curl/pull/3159	2018-10-23 03:37:37 -04:00
Daniel Stenberg	835a2fe694	docs/CIPHERS: mention the colon separation for OpenSSL ... Bug: #3077	2018-10-02 13:55:36 +02:00
Robert Prag	9aefbff30d	schannel: support selecting ciphers ... Given the contstraints of SChannel, I'm exposing these as the algorithms themselves instead; while replicating the ciphersuite as specified by OpenSSL would have been preferable, I found no way in the SChannel API to do so. To use this from the commandline, you need to pass the names of contants defining the desired algorithms. For example, curl --ciphers "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" https://github.com The specific names come from wincrypt.h Closes #2630	2018-06-12 12:08:40 +02:00
Daniel Stenberg	050c93c46f	setopt: add TLS 1.3 ciphersuites ... Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607	2018-05-29 16:12:52 +02:00
Viktor Szakats	13ef623a81	docs/comments: Update to secure URL versions ... Closes #1741	2017-08-08 21:41:07 +02:00
Dan Fandrich	bbee0d4eee	wolfssl: support setting cipher list	2017-01-06 23:02:09 +01:00
Patrick Monnerat	5d7a7fcdcb	CIPHERS.md: document GSKit ciphers	2017-01-06 17:43:57 +01:00
Daniel Stenberg	4517158abf	CIPHERS.md: backtick the names to show underscores fine	2016-12-18 16:44:45 +01:00
Daniel Stenberg	6bc1051608	CIPHERS.md: attempt to document TLS cipher names ... As the official docs seems really hard to keep track of and link to over time	2016-12-18 01:08:55 +01:00