| #
77d722a0 |
| 09-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
docs: update CIPHERS.md
Give a more consice overview of curl's cipher options and cipher suites.
Removed long lists of ciphers that were directly copied from the SSL
backends' d
docs: update CIPHERS.md
Give a more consice overview of curl's cipher options and cipher suites.
Removed long lists of ciphers that were directly copied from the SSL
backends' documentation. Instead present the user a more common aproach
acorss the SSL backends, with notes for backends that do not conform
and/or provide alternate means.
Provide a shorter list of cipher suites that is more relevant for modern
usage and should work mostly across all backends, provide a seperate
list with all cipher suites, and provide links to the SSL backends'
documentation for more information.
Also give examples with modern cipher suites.
Add docs/CIPHERS-TLS12.md for TLS 1.2 ciphers.
Closes #14460
show more ...
|
| #
f3e07e5c |
| 04-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
docs: wolfssl and mbedtls add CURLOPT_TLS13_CIPHERS support
Documentation for #14384 and #14385
Closes #14386
|
| #
767d5811 |
| 30-Jul-2024 |
Viktor Szakats |
tidy-up: URL updates
Closes #14318
|
| #
6343034d |
| 12-Jul-2024 |
Viktor Szakats |
tidy-up: adjust casing of project names
Mostly TLS/SSH project name.
Closes #14160
|
| #
86d33001 |
| 31-Mar-2024 |
Daniel Stenberg |
reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.
+ Remove mention of old
reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.
+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns
Closes #13245
show more ...
|
| #
2097a095 |
| 27-Feb-2024 |
Daniel Stenberg |
docs: use present tense
avoid "will", detect "will" as a bad word in the CI
Also line wrapped a bunch of paragraphs
Closes #13001
|
| #
e5000e79 |
| 23-Jan-2024 |
Daniel Stenberg |
GHA: add a job scanning for "bad words" in markdown
This means words, phrases or things we have decided not to use - words that
are spelled right according to the dictionary but we want
GHA: add a job scanning for "bad words" in markdown
This means words, phrases or things we have decided not to use - words that
are spelled right according to the dictionary but we want to avoid. In the
name of consistency and better documentation.
Closes #12764
show more ...
|
| #
78d6232f |
| 07-Aug-2023 |
Daniel Stenberg |
gskit: remove
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
gskit: remove
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.
It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.
Closes #11460
show more ...
|
| #
b4f9ae51 |
| 19-Mar-2023 |
Jay Satiro |
schannel: fix user-set legacy algorithms in Windows 10 & 11
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
use the SCHANNEL_CRED legacy structure to pass the
schannel: fix user-set legacy algorithms in Windows 10 & 11
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
use the SCHANNEL_CRED legacy structure to pass the list to Schannel.
- If the user set both a legacy algorithm list and a TLS 1.3 cipher list
then abort.
Although MS doesn't document it, Schannel will not negotiate TLS 1.3
when SCHANNEL_CRED is used. That means setting a legacy algorithm list
limits the user to earlier versions of TLS.
Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would
ignore legacy algorithms in Windows 10 1809 and later.
Reported-by: zhihaoy@users.noreply.github.com
Fixes https://github.com/curl/curl/pull/10741
Closes https://github.com/curl/curl/pull/10746
show more ...
|
| #
86eff0b0 |
| 30-Jul-2023 |
Viktor Szakats |
nss: delete more NSS references
Fix the distcheck CI failure and delete more NSS references.
Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175
Reviewed-by: Marcel Raad
nss: delete more NSS references
Fix the distcheck CI failure and delete more NSS references.
Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #11548
show more ...
|
| #
22c92a6d |
| 25-Jun-2023 |
Daniel Stenberg |
docs: use a space after RFC when spelling out RFC numbers
Closes #11382
|
| #
fd1ce3d4 |
| 20-Sep-2022 |
Daniel Stenberg |
docs: spellfixes
Pointed by the new CI job
|
| #
8beff435 |
| 22-Jul-2022 |
Wyatt O'Day |
schannel: Add TLS 1.3 support
- Support TLS 1.3 as the default max TLS version for Windows Server 2022
and Windows 11.
- Support specifying TLS 1.3 ciphers via existing option
schannel: Add TLS 1.3 support
- Support TLS 1.3 as the default max TLS version for Windows Server 2022
and Windows 11.
- Support specifying TLS 1.3 ciphers via existing option
CURLOPT_TLS13_CIPHERS (tool: --tls13-ciphers).
Closes https://github.com/curl/curl/pull/8419
show more ...
|
| #
f5d79619 |
| 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
BearSSL: add CURLOPT_SSL_CIPHER_LIST support
Closes #8477
|
| #
b341b767 |
| 27-Jan-2022 |
Antoine Pietri |
docs: grammar proofread, typo fixes
(Partially automated) proofread of most of the documentation, leading to
various typo fixes.
Closes #8353
|
| #
1760258b |
| 16-Dec-2021 |
Daniel Stenberg |
docs: fix dead links, remove ECH.md
|
| #
e30b2064 |
| 09-Dec-2021 |
Daniel Stenberg |
docs: fix proselint nits
- remove a lot of exclamation marks
- use consistent spaces (1, not 2)
- use better words at some places
Closes #8123
|
|
Revision tags: curl-7_76_1, curl-7_76_0 |
|
| #
67d3afa7 |
| 12-Mar-2021 |
Morten Minde Neergaard <169057+xim@users.noreply.github.com> |
schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
MSDN says
schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."
Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
Closes https://github.com/curl/curl/pull/6734
show more ...
|
|
Revision tags: curl-7_75_0, curl-7_74_0 |
|
| #
4d2f8006 |
| 04-Nov-2020 |
Daniel Stenberg |
curl.se: new home
Closes #6172
|
|
Revision tags: curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2 |
|
| #
fea01203 |
| 10-Jul-2019 |
georgeok |
CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server th
CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server then curl returns
CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.
Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106
show more ...
|
|
Revision tags: curl-7_65_1 |
|
| #
7e590b3e |
| 27-May-2019 |
Daniel Stenberg |
tls13-docs: mention it is only for OpenSSL >= 1.1.1
Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
|
|
Revision tags: curl-7_65_0 |
|
| #
319ae907 |
| 17-May-2019 |
Hubert Kario |
nss: allow to specify TLS 1.3 ciphers if supported by NSS
Closes #3916
|
| #
f3e0f071 |
| 16-May-2019 |
Viktor Szakats |
docs: Markdown and misc improvements [ci skip]
Approved-by: Daniel Stenberg
Closes #3896
|
|
Revision tags: curl-7_64_1 |
|
| #
531b7ad4 |
| 24-Feb-2019 |
georgeok |
schannel: support CALG_ECDH_EPHEM algorithm
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
schannel: support CALG_ECDH_EPHEM algorithm
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
Win10 SDK.
Closes https://github.com/curl/curl/pull/3608
show more ...
|
|
Revision tags: curl-7_64_0, curl-7_63_0, curl-7_62_0 |
|
| #
067992ba |
| 26-Oct-2018 |
Daniel Stenberg |
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by:
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
show more ...
|
