Граф коммитов

21 Коммитов

Автор SHA1 Сообщение Дата
Jan Venekamp f5d79619b1
BearSSL: add CURLOPT_SSL_CIPHER_LIST support
Closes #8477
2022-03-12 22:59:45 +01:00
Antoine Pietri b341b7675b
docs: grammar proofread, typo fixes
(Partially automated) proofread of most of the documentation, leading to
various typo fixes.

Closes #8353
2022-01-30 12:06:05 +01:00
Daniel Stenberg 1760258b16
docs: fix dead links, remove ECH.md 2021-12-17 09:17:08 +01:00
Daniel Stenberg e30b2064b7
docs: fix proselint nits
- remove a lot of exclamation marks
- use consistent spaces (1, not 2)
- use better words at some places

Closes #8123
2021-12-09 23:16:46 +01:00
Morten Minde Neergaard 67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Daniel Stenberg 4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
georgeok fea0120312 CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server then curl returns
CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.

Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106
2019-07-17 01:08:23 -04:00
Daniel Stenberg 7e590b3ecd
tls13-docs: mention it is only for OpenSSL >= 1.1.1
Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
2019-06-02 16:15:45 +02:00
Hubert Kario 319ae9075e nss: allow to specify TLS 1.3 ciphers if supported by NSS
Closes #3916
2019-05-27 09:04:09 +02:00
Viktor Szakats f3e0f071b1 docs: Markdown and misc improvements [ci skip]
Approved-by: Daniel Stenberg
Closes #3896
2019-05-16 22:11:27 +00:00
georgeok 531b7ad43a schannel: support CALG_ECDH_EPHEM algorithm
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
Win10 SDK.

Closes https://github.com/curl/curl/pull/3608
2019-02-25 01:38:35 -05:00
Daniel Stenberg 067992baa7
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html

Reported-by: Ricky-Tigg on github
Bug: #3178
2018-10-27 10:46:36 +02:00
Jay Satiro a023dfa19a CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
Closes https://github.com/curl/curl/pull/3159
2018-10-23 03:37:37 -04:00
Daniel Stenberg 835a2fe694
docs/CIPHERS: mention the colon separation for OpenSSL
Bug: #3077
2018-10-02 13:55:36 +02:00
Robert Prag 9aefbff30d
schannel: support selecting ciphers
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.

To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h

Closes #2630
2018-06-12 12:08:40 +02:00
Daniel Stenberg 050c93c46f
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
2018-05-29 16:12:52 +02:00
Viktor Szakats 13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Dan Fandrich bbee0d4eee wolfssl: support setting cipher list 2017-01-06 23:02:09 +01:00
Patrick Monnerat 5d7a7fcdcb CIPHERS.md: document GSKit ciphers 2017-01-06 17:43:57 +01:00
Daniel Stenberg 4517158abf CIPHERS.md: backtick the names to show underscores fine 2016-12-18 16:44:45 +01:00
Daniel Stenberg 6bc1051608 CIPHERS.md: attempt to document TLS cipher names
As the official docs seems really hard to keep track of and link to over
time
2016-12-18 01:08:55 +01:00