author | Daniel Stenberg <daniel@haxx.se> | 2018-05-29 16:12:52 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-05-29 16:12:52 +0200 |
commit | 050c93c46f5bc880897152419200e60da56b46e0 (patch) | |
tree | 511d0b0030464cb8a666b312d578332f86ecc1b5 /src | |
parent | 5005ade2ce57e0e71439aa6639eb70414db949b8 (diff) |
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
curl: added --tls13-ciphers and --proxy-tls13-ciphers
Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
Diffstat (limited to 'src')
-rw-r--r-- | src/tool_cfgable.h | 2 | ||||
-rw-r--r-- | src/tool_getparam.c | 8 | ||||
-rw-r--r-- | src/tool_help.c | 16 | ||||
-rw-r--r-- | src/tool_operate.c | 7 |
4 files changed, 27 insertions, 6 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 9d995f85e..237c2bd7f 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -117,6 +117,8 @@ struct OperationConfig {
 struct getout *url_ul; /* point to the node to fill in upload */
 char *cipher_list;
 char *proxy_cipher_list;
+ char *cipher13_list;
+ char *proxy_cipher13_list;
 char *cert;
 char *proxy_cert;
 char *cert_type;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index e83373c37..a9f448112 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -201,6 +201,8 @@ static const struct LongShort aliases[]= {
 {"11", "tlsv1.1", ARG_NONE},
 {"12", "tlsv1.2", ARG_NONE},
 {"13", "tlsv1.3", ARG_NONE},
+ {"1A", "tls13-ciphers", ARG_STRING},
+ {"1B", "proxy-tls13-ciphers", ARG_STRING},
 {"2", "sslv2", ARG_NONE},
 {"3", "sslv3", ARG_NONE},
 {"4", "ipv4", ARG_NONE},
@@ -1177,6 +1179,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 /* TLS version 1.3 */
 config->ssl_version = CURL_SSLVERSION_TLSv1_3;
 break;
+ case 'A': /* --tls13-ciphers */
+ GetStr(&config->cipher13_list, nextarg);
+ break;
+ case 'B': /* --proxy-tls13-ciphers */
+ GetStr(&config->proxy_cipher13_list, nextarg);
+ break;
 }
 break;
 case '2':
diff --git a/src/tool_help.c b/src/tool_help.c
index 7c4dda3b0..3218cf67d 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -160,12 +160,12 @@ static const struct helptxt helptext[] = {
 "Put the post data in the URL and use GET"},
 {"-g, --globoff",
 "Disable URL sequences and ranges using {} and []"},
- {" --happy-eyeballs-timeout-ms",
+ {" --happy-eyeballs-timeout-ms <milliseconds>",
 "How long to wait in milliseconds for IPv6 before trying IPv4"},
- {"-I, --head",
- "Show document info only"},
 {" --haproxy-protocol",
 "Send HAProxy PROXY protocol v1 header"},
+ {"-I, --head",
+ "Show document info only"},
 {"-H, --header <header/@file>",
 "Pass custom header(s) to server"},
 {"-h, --help",
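Review bot: Nothing in the hunks shown releases the two strings this commit starts storing: `cipher13_list` and `proxy_cipher13_list` are added to `struct OperationConfig` in src/tool_cfgable.h and filled through `GetStr` in the `case 'A'` and `case 'B'` arms of src/tool_getparam.c, and the diffstat for src lists no file beyond the four patched here. `GetStr` presumably stores an allocated copy, in which case the config cleanup should free both next to `cipher_list` and `proxy_cipher_list`, e.g. `Curl_safefree(config->cipher13_list);` and `Curl_safefree(config->proxy_cipher13_list);`. The new members would also benefit from a short comment such as `/* TLS 1.3 ciphersuites, --tls13-ciphers */`, since the name alone does not say how they relate to `cipher_list`. The struct and getparameter() both continue outside these hunks, so the cleanup path itself is not visible here.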
@@ -297,7 +297,7 @@ static const struct helptxt helptext[] = {
 {" --proxy-cert <cert[:passwd]>",
 "Set client certificate for proxy"},
 {" --proxy-cert-type <type>",
- "Client certificate type for HTTS proxy"},
+ "Client certificate type for HTTPS proxy"},
 {" --proxy-ciphers <list>",
 "SSL ciphers to use for proxy"},
 {" --proxy-crlfile <file>",
@@ -324,6 +324,8 @@ static const struct helptxt helptext[] = {
 "SPNEGO proxy service name"},
 {" --proxy-ssl-allow-beast",
 "Allow security flaw for interop for HTTPS proxy"},
+ {" --proxy-tls13-ciphers <ciphersuite list>",
+ "TLS 1.3 proxy cipher suites"},
 {" --proxy-tlsauthtype <type>",
 "TLS authentication type for HTTPS proxy"},
 {" --proxy-tlspassword <string>",
@@ -337,7 +339,7 @@ static const struct helptxt helptext[] = {
 {" --proxy1.0 <host[:port]>",
 "Use HTTP/1.0 proxy on given port"},
 {"-p, --proxytunnel",
- "Operate through a HTTP proxy tunnel (using CONNECT)"},
+ "Operate through an HTTP proxy tunnel (using CONNECT)"},
 {" --pubkey <key>",
 "SSH Public key file name"},
 {"-Q, --quote",
@@ -362,7 +364,7 @@ static const struct helptxt helptext[] = {
 "Specify request command to use"},
 {" --request-target",
 "Specify the target for this request"},
- {" --resolve <host:port:address>",
+ {" --resolve <host:port:address[,address]...>",
 "Resolve the host+port to this address"},
 {" --retry <num>",
 "Retry request if transient problems occur"},
@@ -432,6 +434,8 @@ static const struct helptxt helptext[] = {
 "Transfer based on a time condition"},
 {" --tls-max <VERSION>",
 "Use TLSv1.0 or greater"},
+ {" --tls13-ciphers <list of TLS 1.3 ciphersuites>",
+ "TLS 1.3 cipher suites to use"},
 {" --tlsauthtype <type>",
 "TLS authentication type"},
 {" --tlspassword",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 5be862228..0a1b1a48d 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
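Review bot: The two new help entries name the same kind of argument with different placeholders, `<ciphersuite list>` for `--proxy-tls13-ciphers` (hunk at line 324) and `<list of TLS 1.3 ciphersuites>` for `--tls13-ciphers` (hunk at line 432), while the existing `--proxy-ciphers` entry uses `<list>`. Using one form for both, for instance `<list>`, would keep the table uniform. The descriptions could also say that this list is independent of the one given with `--proxy-ciphers`, for example `"TLS 1.3 cipher suites for proxy (separate from --proxy-ciphers)"`, because a user restricting ciphers needs to know that two options are involved.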
@@ -1216,6 +1216,13 @@ static CURLcode operate_do(struct GlobalConfig *global,
 my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
 config->proxy_cipher_list);
+ if(config->cipher13_list)
+ my_setopt_str(curl, CURLOPT_TLS13_CIPHERS, config->cipher13_list);
+
+ if(config->proxy_cipher13_list)
+ my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
+ config->proxy_cipher13_list);
+
 /* new in libcurl 7.9.2: */
 if(config->disable_epsv)
 /* disable it */ |
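Review bot: The second added branch passes `config->proxy_cipher13_list` to `CURLOPT_PROXY_SSL_CIPHER_LIST`, the same option the context lines just above set from `config->proxy_cipher_list`, so `--proxy-tls13-ciphers` overwrites the proxy's pre-1.3 cipher list and the proxy's TLS 1.3 suites are never set. The commit message says it adds `CURLOPT_PROXY_TLS13_CIPHERS`, which is presumably what was meant: `my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS, config->proxy_cipher13_list);`. As written, a user who narrows the proxy suites for policy reasons gets no error, and the handshake with the proxy may still negotiate a suite they meant to exclude. The body of operate_do starts and ends outside the hunk.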