curl-library

NSS cipher list in CURLOPT_SSL_CIPHER_LIST

From: Oliver Graute <oliver.graute_at_gmail.com>
Date: Tue, 17 May 2016 14:45:50 +0200

Hello,

I found a mismatch in the documentation of ciphers for curl and
mod_nss. I'm not sure who is wrong here or if it's a simple lack of
documentation of ciphersuites. So I cross-post it.

I followed the curl doc "CURLOPT_SSL_CIPHER_LIST" explained here
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html

and then I followed this hint:

For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5', 'rsa_aes_128_sha', etc.
 With NSS you don't add/remove ciphers. If one uses this option then all known ciphers are
 disabled and only those passed in are enabled.

You'll find more details about the NSS cipher lists on this URL:

http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives

So if I'm using the ciphers in curl like specified there:

<li>ecdhe_ecdsa_aes_128_sha_256</li>

So there is no gcm or cbc mentioned here.

In curl I got:
Unknown cipher in list: ecdhe_ecdsa_aes_128_sha_256

With gcm or with cbc in the cipher string it works fine:

ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_ecdsa_aes_128_cbc_sha_256

But this is nowhere specified.

Is this wrong documentation, or is this inaccurate in curl or NSS?

Best regards,

Oliver
Received on 2016-05-17