Commit Graph

32 Commits

Author SHA1 Message Date
Viktor Szakats
767d5811b5
tidy-up: URL updates
Closes #14318
2024-07-30 21:27:12 +02:00
Viktor Szakats
6343034dd1
tidy-up: adjust casing of project names
Mostly TLS/SSH project name.

Closes #14160
2024-07-12 13:56:16 +02:00
Daniel Stenberg
86d33001e4
reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.

+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns

Closes #13245
2024-03-31 12:01:18 +02:00
Daniel Stenberg
2097a095c9
docs: use present tense
avoid "will", detect "will" as a bad word in the CI

Also line wrapped a bunch of paragraphs

Closes #13001
2024-02-27 09:47:21 +01:00
Daniel Stenberg
e5000e797f
GHA: add a job scanning for "bad words" in markdown
This means words, phrases or things we have decided not to use - words that
are spelled right according to the dictionary but we want to avoid. In the
name of consistency and better documentation.

Closes #12764
2024-01-24 08:44:34 +01:00
Daniel Stenberg
78d6232f1f
gskit: remove
We remove support for building curl with gskit.

 - This is a niche TLS library, only running on some IBM systems
 - no regular curl contributors use this backend
 - no CI builds use or verify this backend
 - gskit, or the curl adaption for it, lacks many modern TLS features
   making it an inferior solution
 - build breakages in this code take weeks or more to get detected
 - fixing gskit code is mostly done "flying blind"

This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.

It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.

Closes #11460
2023-08-07 20:57:48 +02:00
Jay Satiro
b4f9ae5126 schannel: fix user-set legacy algorithms in Windows 10 & 11
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
  use the SCHANNEL_CRED legacy structure to pass the list to Schannel.

- If the user set both a legacy algorithm list and a TLS 1.3 cipher list
  then abort.

Although MS doesn't document it, Schannel will not negotiate TLS 1.3
when SCHANNEL_CRED is used. That means setting a legacy algorithm list
limits the user to earlier versions of TLS.

Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would
ignore legacy algorithms in Windows 10 1809 and later.

Reported-by: zhihaoy@users.noreply.github.com

Fixes https://github.com/curl/curl/pull/10741
Closes https://github.com/curl/curl/pull/10746
2023-08-02 03:43:13 -04:00
Viktor Szakats
86eff0b0d5
nss: delete more NSS references
Fix the distcheck CI failure and delete more NSS references.

Follow-up to 7c8bae0d9c

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #11548
2023-07-30 21:55:29 +00:00
Daniel Stenberg
22c92a6d51
docs: use a space after RFC when spelling out RFC numbers
Closes #11382
2023-07-09 19:13:33 +02:00
Daniel Stenberg
fd1ce3d4b0
docs: spellfixes
Pointed by the new CI job
2022-09-21 15:20:08 +02:00
Wyatt O'Day
8beff43559 schannel: Add TLS 1.3 support
- Support TLS 1.3 as the default max TLS version for Windows Server 2022
  and Windows 11.

- Support specifying TLS 1.3 ciphers via existing option
  CURLOPT_TLS13_CIPHERS (tool: --tls13-ciphers).

Closes https://github.com/curl/curl/pull/8419
2022-08-02 13:54:31 -04:00
Jan Venekamp
f5d79619b1
BearSSL: add CURLOPT_SSL_CIPHER_LIST support
Closes #8477
2022-03-12 22:59:45 +01:00
Antoine Pietri
b341b7675b
docs: grammar proofread, typo fixes
(Partially automated) proofread of most of the documentation, leading to
various typo fixes.

Closes #8353
2022-01-30 12:06:05 +01:00
Daniel Stenberg
1760258b16
docs: fix dead links, remove ECH.md 2021-12-17 09:17:08 +01:00
Daniel Stenberg
e30b2064b7
docs: fix proselint nits
- remove a lot of exclamation marks
- use consistent spaces (1, not 2)
- use better words at some places

Closes #8123
2021-12-09 23:16:46 +01:00
Morten Minde Neergaard
67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
georgeok
fea0120312 CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server then curl returns
CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.

Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106
2019-07-17 01:08:23 -04:00
Daniel Stenberg
7e590b3ecd
tls13-docs: mention it is only for OpenSSL >= 1.1.1
Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
2019-06-02 16:15:45 +02:00
Hubert Kario
319ae9075e nss: allow to specify TLS 1.3 ciphers if supported by NSS
Closes #3916
2019-05-27 09:04:09 +02:00
Viktor Szakats
f3e0f071b1 docs: Markdown and misc improvements [ci skip]
Approved-by: Daniel Stenberg
Closes #3896
2019-05-16 22:11:27 +00:00
georgeok
531b7ad43a schannel: support CALG_ECDH_EPHEM algorithm
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
Win10 SDK.

Closes https://github.com/curl/curl/pull/3608
2019-02-25 01:38:35 -05:00
Daniel Stenberg
067992baa7
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html

Reported-by: Ricky-Tigg on github
Bug: #3178
2018-10-27 10:46:36 +02:00
Jay Satiro
a023dfa19a CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
Closes https://github.com/curl/curl/pull/3159
2018-10-23 03:37:37 -04:00
Daniel Stenberg
835a2fe694
docs/CIPHERS: mention the colon separation for OpenSSL
Bug: #3077
2018-10-02 13:55:36 +02:00
Robert Prag
9aefbff30d
schannel: support selecting ciphers
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.

To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h

Closes #2630
2018-06-12 12:08:40 +02:00
Daniel Stenberg
050c93c46f
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
2018-05-29 16:12:52 +02:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Dan Fandrich
bbee0d4eee wolfssl: support setting cipher list 2017-01-06 23:02:09 +01:00
Patrick Monnerat
5d7a7fcdcb CIPHERS.md: document GSKit ciphers 2017-01-06 17:43:57 +01:00
Daniel Stenberg
4517158abf CIPHERS.md: backtick the names to show underscores fine 2016-12-18 16:44:45 +01:00
Daniel Stenberg
6bc1051608 CIPHERS.md: attempt to document TLS cipher names
As the official docs seems really hard to keep track of and link to over
time
2016-12-18 01:08:55 +01:00