authorDaniel Stenberg <daniel@haxx.se>2018-05-29 16:12:52 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-05-29 16:12:52 +0200
commit050c93c46f5bc880897152419200e60da56b46e0 (patch)
tree511d0b0030464cb8a666b312d578332f86ecc1b5 /src
parent5005ade2ce57e0e71439aa6639eb70414db949b8 (diff)
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607
Diffstat (limited to 'src')
-rw-r--r--src/tool_cfgable.h2
-rw-r--r--src/tool_getparam.c8
-rw-r--r--src/tool_help.c16
-rw-r--r--src/tool_operate.c7
4 files changed, 27 insertions, 6 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 9d995f85e..237c2bd7f 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -117,6 +117,8 @@ struct OperationConfig {
struct getout *url_ul; /* point to the node to fill in upload */
char *cipher_list;
char *proxy_cipher_list;
+ char *cipher13_list;
+ char *proxy_cipher13_list;
char *cert;
char *proxy_cert;
char *cert_type;
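Review bot: The new `cipher13_list` and `proxy_cipher13_list` members have no release path in this diff. The diffstat for `src` lists only four files, and none of the hunks shown frees an `OperationConfig` string, so the values stored by `GetStr` for `--tls13-ciphers` and `--proxy-tls13-ciphers` appear to be leaked (inferred, since the cleanup code is not visible here). Release them wherever `cipher_list` and `proxy_cipher_list` are released. A short comment on the first member, such as `/* TLS 1.3 ciphersuites, kept separate from the pre-1.3 cipher_list */`, would also record why there are two lists. The struct continues outside the hunk.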
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index e83373c37..a9f448112 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -201,6 +201,8 @@ static const struct LongShort aliases[]= {
{"11", "tlsv1.1", ARG_NONE},
{"12", "tlsv1.2", ARG_NONE},
{"13", "tlsv1.3", ARG_NONE},
+ {"1A", "tls13-ciphers", ARG_STRING},
+ {"1B", "proxy-tls13-ciphers", ARG_STRING},
{"2", "sslv2", ARG_NONE},
{"3", "sslv3", ARG_NONE},
{"4", "ipv4", ARG_NONE},
@@ -1177,6 +1179,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
/* TLS version 1.3 */
config->ssl_version = CURL_SSLVERSION_TLSv1_3;
break;
+ case 'A': /* --tls13-ciphers */
+ GetStr(&config->cipher13_list, nextarg);
+ break;
+ case 'B': /* --proxy-tls13-ciphers */
+ GetStr(&config->proxy_cipher13_list, nextarg);
+ break;
}
break;
case '2':
diff --git a/src/tool_help.c b/src/tool_help.c
index 7c4dda3b0..3218cf67d 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -160,12 +160,12 @@ static const struct helptxt helptext[] = {
"Put the post data in the URL and use GET"},
{"-g, --globoff",
"Disable URL sequences and ranges using {} and []"},
- {" --happy-eyeballs-timeout-ms",
+ {" --happy-eyeballs-timeout-ms <milliseconds>",
"How long to wait in milliseconds for IPv6 before trying IPv4"},
- {"-I, --head",
- "Show document info only"},
{" --haproxy-protocol",
"Send HAProxy PROXY protocol v1 header"},
+ {"-I, --head",
+ "Show document info only"},
{"-H, --header <header/@file>",
"Pass custom header(s) to server"},
{"-h, --help",
@@ -297,7 +297,7 @@ static const struct helptxt helptext[] = {
{" --proxy-cert <cert[:passwd]>",
"Set client certificate for proxy"},
{" --proxy-cert-type <type>",
- "Client certificate type for HTTS proxy"},
+ "Client certificate type for HTTPS proxy"},
{" --proxy-ciphers <list>",
"SSL ciphers to use for proxy"},
{" --proxy-crlfile <file>",
@@ -324,6 +324,8 @@ static const struct helptxt helptext[] = {
"SPNEGO proxy service name"},
{" --proxy-ssl-allow-beast",
"Allow security flaw for interop for HTTPS proxy"},
+ {" --proxy-tls13-ciphers <ciphersuite list>",
+ "TLS 1.3 proxy cipher suites"},
{" --proxy-tlsauthtype <type>",
"TLS authentication type for HTTPS proxy"},
{" --proxy-tlspassword <string>",
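Review bot: The two new help entries describe the same kind of argument with different placeholders: `<ciphersuite list>` for `--proxy-tls13-ciphers` here and `<list of TLS 1.3 ciphersuites>` for `--tls13-ciphers` in the later `--tls-max` hunk. Using `<ciphersuite list>` in both keeps the pair parallel, and the shorter form is less likely to overflow the option column of the help output. The descriptions also differ in shape ("TLS 1.3 proxy cipher suites" against "TLS 1.3 cipher suites to use"); `"TLS 1.3 cipher suites to use for proxy"` would mirror the existing `--proxy-ciphers` entry.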
@@ -337,7 +339,7 @@ static const struct helptxt helptext[] = {
{" --proxy1.0 <host[:port]>",
"Use HTTP/1.0 proxy on given port"},
{"-p, --proxytunnel",
- "Operate through a HTTP proxy tunnel (using CONNECT)"},
+ "Operate through an HTTP proxy tunnel (using CONNECT)"},
{" --pubkey <key>",
"SSH Public key file name"},
{"-Q, --quote",
@@ -362,7 +364,7 @@ static const struct helptxt helptext[] = {
"Specify request command to use"},
{" --request-target",
"Specify the target for this request"},
- {" --resolve <host:port:address>",
+ {" --resolve <host:port:address[,address]...>",
"Resolve the host+port to this address"},
{" --retry <num>",
"Retry request if transient problems occur"},
@@ -432,6 +434,8 @@ static const struct helptxt helptext[] = {
"Transfer based on a time condition"},
{" --tls-max <VERSION>",
"Use TLSv1.0 or greater"},
+ {" --tls13-ciphers <list of TLS 1.3 ciphersuites>",
+ "TLS 1.3 cipher suites to use"},
{" --tlsauthtype <type>",
"TLS authentication type"},
{" --tlspassword",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 5be862228..0a1b1a48d 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1216,6 +1216,13 @@ static CURLcode operate_do(struct GlobalConfig *global,
my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
config->proxy_cipher_list);
+ if(config->cipher13_list)
+ my_setopt_str(curl, CURLOPT_TLS13_CIPHERS, config->cipher13_list);
+
+ if(config->proxy_cipher13_list)
+ my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
+ config->proxy_cipher13_list);
+
/* new in libcurl 7.9.2: */
if(config->disable_epsv)
/* disable it */
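Review bot: The last added `my_setopt_str` call passes `config->proxy_cipher13_list` to `CURLOPT_PROXY_SSL_CIPHER_LIST`, not to `CURLOPT_PROXY_TLS13_CIPHERS`, the option the commit message says this change introduces. As written, `--proxy-tls13-ciphers` never restricts the TLS 1.3 suites offered to an HTTPS proxy, and it overwrites the list that `--proxy-ciphers` set in the call just above. A user who tightens proxy cipher policy therefore gets a different policy than requested, and the TLS 1.3 suite names land in the pre-1.3 list, where the backend may reject or ignore them. The call should read `my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS, config->proxy_cipher13_list);`. A test that sets both proxy options and checks that each reaches its own setopt would catch this kind of copy-paste slip; `operate_do` starts and ends outside the hunk.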