Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Fwd: curl not sending DHE cipher suites in the outgoing ClientHello
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: M K Saravanan via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 17 Nov 2021 14:49:16 +0800
Hi,
Today while testing something, I accidentally noticed that curl is not
sending any of the DHE cipher suites (my test needed DHE testing) in
the outgoing ClientHello (I believe for security reasons it prefers
ECDHE may be, to enforce PFS). See screenshot below:
https://www.dropbox.com/s/ehr99r1pitnryep/curl-clienthello-withoutdhe.png
What should I do to enable DHE cipher suite support in curl?
$ curl -V
curl 7.69.0-DEV (x86_64-pc-linux-gnu) libcurl/7.69.0-DEV BoringSSL
zlib/1.2.11 brotli/1.0.4 libidn2/2.0.4 nghttp2/1.30.0 quiche/0.2.0
librtmp/2.3
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HTTP2 HTTP3 HTTPS-proxy IDN IPv6
Largefile libz NTLM NTLM_WB SSL UnixSockets
with regards,
Saravanan
Date: Wed, 17 Nov 2021 14:49:16 +0800
Hi,
Today while testing something, I accidentally noticed that curl is not
sending any of the DHE cipher suites (my test needed DHE testing) in
the outgoing ClientHello (I believe for security reasons it prefers
ECDHE may be, to enforce PFS). See screenshot below:
https://www.dropbox.com/s/ehr99r1pitnryep/curl-clienthello-withoutdhe.png
What should I do to enable DHE cipher suite support in curl?
$ curl -V
curl 7.69.0-DEV (x86_64-pc-linux-gnu) libcurl/7.69.0-DEV BoringSSL
zlib/1.2.11 brotli/1.0.4 libidn2/2.0.4 nghttp2/1.30.0 quiche/0.2.0
librtmp/2.3
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HTTP2 HTTP3 HTTPS-proxy IDN IPv6
Largefile libz NTLM NTLM_WB SSL UnixSockets
with regards,
Saravanan
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-11-17