mirror of https://github.com/curl/curl.git (synced 2025-01-12 13:55:11 +08:00)
b4f9ae5126
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
  use the SCHANNEL_CRED legacy structure to pass the list to Schannel.

- If the user set both a legacy algorithm list and a TLS 1.3 cipher list
  then abort.

Although MS doesn't document it, Schannel will not negotiate TLS 1.3
when SCHANNEL_CRED is used. That means setting a legacy algorithm list
limits the user to earlier versions of TLS.

Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would
ignore legacy algorithms in Windows 10 1809 and later.

Reported-by: zhihaoy@users.noreply.github.com

Fixes https://github.com/curl/curl/pull/10741
Closes https://github.com/curl/curl/pull/10746
22 lines
768 B
Makefile
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: tls13-ciphers
Arg: <ciphersuite list>
help: TLS 1.3 cipher suites to use
Protocols: TLS
Category: tls
Example: --tls13-ciphers TLS_AES_128_GCM_SHA256 $URL
Added: 7.61.0
See-also: ciphers curves proxy-tls13-ciphers
Multi: single
---
Specifies which cipher suites to use in the connection if it negotiates TLS
1.3. The list of cipher suites must specify valid ciphers. Read up on TLS 1.3
cipher suite details on this URL:

 https://curl.se/docs/ssl-ciphers.html

This option is currently used only when curl is built to use OpenSSL 1.1.1 or
later, or Schannel. If you are using a different SSL backend you can try
setting TLS 1.3 cipher suites by using the --ciphers option.
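
A pre-flight check for scripts that pin cipher suites, written for this page as an added example and not part of curl: it applies the backend rule from the option text and the Schannel conflict from the commit message before curl is invoked. The function names `backend_class` and `cipher_args`, the return codes, and the assumption that the TLS backend appears as an `OpenSSL/<version>` or `Schannel` token in the first line of `curl -V` are this example's own.

```shell
#!/bin/sh
# Added example, not part of curl: choose cipher options from the first line
# of `curl -V`, following the option text and commit message above.

# backend_class LINE -> "native" (OpenSSL >= 1.1.1), "schannel" or "other".
# Tokens wrapped in parentheses match no pattern here and are skipped.
backend_class() {
  for tok in $1; do
    case $tok in
      Schannel|Schannel/*) echo schannel; return 0 ;;
      OpenSSL/*)
        ver=${tok#OpenSSL/}; maj=${ver%%.*}; rest=${ver#*.}
        min=${rest%%.*}; pat=${rest#*.}
        pat=${pat%%[!0-9]*}   # 1.1.1k -> patch 1
        # OpenSSL went from 1.1.1 straight to 3.0, so only 1.1.x needs a patch check
        if [ "$maj" -gt 1 ] ||
           { [ "$maj" -eq 1 ] && [ "$min" -eq 1 ] && [ "${pat:-0}" -ge 1 ]; }; then
          echo native; return 0
        fi ;;
    esac
  done
  echo other
}

# cipher_args LINE TLS13_LIST [LEGACY_LIST] -> prints the options to pass.
# Return codes 2 and 3 are this example's own convention.
cipher_args() {
  class=$(backend_class "$1"); tls13=$2; legacy=${3:-}
  case $class in
    schannel)
      if [ -n "$tls13" ] && [ -n "$legacy" ]; then
        echo "Schannel: legacy and TLS 1.3 lists together make libcurl abort" >&2
        return 2
      elif [ -n "$legacy" ]; then
        echo "Schannel: a legacy list rules out TLS 1.3" >&2
        printf '%s\n' "--ciphers $legacy"
      else
        printf '%s\n' "--tls13-ciphers $tls13"
      fi ;;
    native)
      printf '%s\n' "--tls13-ciphers $tls13${legacy:+ --ciphers $legacy}" ;;
    *)
      # The option text only says --ciphers can be tried on other backends;
      # merging two lists there is left to the operator.
      [ -z "$legacy" ] || return 3
      printf '%s\n' "--ciphers $tls13" ;;
  esac
}
# Usage: curl $(cipher_args "$(curl -V | head -n 1)" TLS_AES_128_GCM_SHA256) "$URL"
```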