curl-library
[Patch v3 3/3] curl --tlsv1.3: force TLS 1.3
From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 3 Nov 2016 10:22:13 +0100
Date: Thu, 3 Nov 2016 10:22:13 +0100
Fully implemented with the NSS backend only for now.
--- docs/curl.1 | 10 +++++++--- src/tool_getparam.c | 5 +++++ src/tool_help.c | 1 + src/tool_setopt.c | 1 + 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/curl.1 b/docs/curl.1 index f5375ed..e9c6150 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -176,9 +176,9 @@ HTTP 2 to negotiate HTTP 2 support with the server during https sessions. .IP "-1, --tlsv1" (SSL) Forces curl to use TLS version 1.x when negotiating with a remote TLS server. -You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to -control the TLS version more precisely (if the SSL backend in use supports such -a level of control). +You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, \fI--tlsv1.2\fP, and +\fI--tlsv1.3\fP to control the TLS version more precisely (if the SSL backend +in use supports such a level of control). .IP "-2, --sslv2" (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL server. Sometimes curl is built without SSLv2 support. SSLv2 is widely @@ -1820,6 +1820,10 @@ Forces curl to use TLS version 1.1 when negotiating with a remote TLS server. (SSL) Forces curl to use TLS version 1.2 when negotiating with a remote TLS server. (Added in 7.34.0) +.IP "--tlsv1.3" +(SSL) +Forces curl to use TLS version 1.3 when negotiating with a remote TLS server. +(Added in 7.51.1) .IP "--tr-encoding" (HTTP) Request a compressed Transfer-Encoding response using one of the algorithms curl supports, and uncompress the data while receiving it. diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 95dd455..2d16e06 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -190,6 +190,7 @@ static const struct LongShort aliases[]= { {"10", "tlsv1.0", FALSE}, {"11", "tlsv1.1", FALSE}, {"12", "tlsv1.2", FALSE}, + {"13", "tlsv1.3", FALSE}, {"2", "sslv2", FALSE}, {"3", "sslv3", FALSE}, {"4", "ipv4", FALSE}, @@ -1061,6 +1062,10 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ /* TLS version 1.2 */ config->ssl_version = CURL_SSLVERSION_TLSv1_2; break; + case '3': + /* TLS version 1.3 */ + config->ssl_version = CURL_SSLVERSION_TLSv1_3; + break; } break; case '2': diff --git a/src/tool_help.c b/src/tool_help.c index fb428c9..9890cc8 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -232,6 +232,7 @@ static const char *const helptext[] = { " --tlsv1.0 Use TLSv1.0 (SSL)", " --tlsv1.1 Use TLSv1.1 (SSL)", " --tlsv1.2 Use TLSv1.2 (SSL)", + " --tlsv1.3 Use TLSv1.3 (SSL)", " --trace FILE Write a debug trace to FILE", " --trace-ascii FILE Like --trace, but without hex output", " --trace-time Add time stamps to trace/verbose output", diff --git a/src/tool_setopt.c b/src/tool_setopt.c index c854225..f3de09d 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -83,6 +83,7 @@ const NameValue setopt_nv_CURL_SSLVERSION[] = { NV(CURL_SSLVERSION_TLSv1_0), NV(CURL_SSLVERSION_TLSv1_1), NV(CURL_SSLVERSION_TLSv1_2), + NV(CURL_SSLVERSION_TLSv1_3), NVEND, }; -- 2.7.4 ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2016-11-03