Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
CURLOPT_SSL_CIPHER_LIST example in the docs
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 12 Dec 2022 12:58:52 -0500
Hi Everyone,
Re: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
I 'm not sure this is a good example of CURLOPT_SSL_CIPHER_LIST. The
example uses "TLSv1", which is probably a better example for
CURLOPT_SSLVERSION.
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
ret = curl_easy_perform(curl);
curl_easy_cleanup(curl);
I think the example would be more useful if it supplied something more
practical, like the following:
const char cipher_suites[] =
"HIGH:!aNULL:!kRSA:!PSK:!SRP:!
MD5:!RC4";
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, cipher_suites);
ret = curl_easy_perform(curl);
curl_easy_cleanup(curl);
The cipher suites list has several benefits to users:
* selects High strength TLS ciphers.
* removes RSA key transport (!kRSA), but keeps RSA authentication (auRSA).
* removes unneeded cipher suites, like PSK and SRP.
* removes some weak and wounded algorithms, like MD5 and RC4.
* facilitates a very small ClientHello, with 50 ciphers or so.
Jeff
Date: Mon, 12 Dec 2022 12:58:52 -0500
Hi Everyone,
Re: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
I 'm not sure this is a good example of CURLOPT_SSL_CIPHER_LIST. The
example uses "TLSv1", which is probably a better example for
CURLOPT_SSLVERSION.
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
ret = curl_easy_perform(curl);
curl_easy_cleanup(curl);
I think the example would be more useful if it supplied something more
practical, like the following:
const char cipher_suites[] =
"HIGH:!aNULL:!kRSA:!PSK:!SRP:!
MD5:!RC4";
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, cipher_suites);
ret = curl_easy_perform(curl);
curl_easy_cleanup(curl);
The cipher suites list has several benefits to users:
* selects High strength TLS ciphers.
* removes RSA key transport (!kRSA), but keeps RSA authentication (auRSA).
* removes unneeded cipher suites, like PSK and SRP.
* removes some weak and wounded algorithms, like MD5 and RC4.
* facilitates a very small ClientHello, with 50 ciphers or so.
Jeff
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-12-12