cURL / Mailing Lists / curl-library / Single Mail

curl-library

[Patch v3 3/3] curl --tlsv1.3: force TLS 1.3

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 3 Nov 2016 10:22:13 +0100

Fully implemented with the NSS backend only for now.

---
 docs/curl.1         | 10 +++++++---
 src/tool_getparam.c |  5 +++++
 src/tool_help.c     |  1 +
 src/tool_setopt.c   |  1 +
 4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/docs/curl.1 b/docs/curl.1
index f5375ed..e9c6150 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -176,9 +176,9 @@ HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
 .IP "-1, --tlsv1"
 (SSL)
 Forces curl to use TLS version 1.x when negotiating with a remote TLS server.
-You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to
-control the TLS version more precisely (if the SSL backend in use supports such
-a level of control).
+You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, \fI--tlsv1.2\fP, and
+\fI--tlsv1.3\fP to control the TLS version more precisely (if the SSL backend
+in use supports such a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
@@ -1820,6 +1820,10 @@ Forces curl to use TLS version 1.1 when negotiating with a remote TLS server.
 (SSL)
 Forces curl to use TLS version 1.2 when negotiating with a remote TLS server.
 (Added in 7.34.0)
+.IP "--tlsv1.3"
+(SSL)
+Forces curl to use TLS version 1.3 when negotiating with a remote TLS server.
+(Added in 7.51.1)
 .IP "--tr-encoding"
 (HTTP) Request a compressed Transfer-Encoding response using one of the
 algorithms curl supports, and uncompress the data while receiving it.
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 95dd455..2d16e06 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -190,6 +190,7 @@ static const struct LongShort aliases[]= {
   {"10",  "tlsv1.0",                 FALSE},
   {"11",  "tlsv1.1",                 FALSE},
   {"12",  "tlsv1.2",                 FALSE},
+  {"13",  "tlsv1.3",                 FALSE},
   {"2",  "sslv2",                    FALSE},
   {"3",  "sslv3",                    FALSE},
   {"4",  "ipv4",                     FALSE},
@@ -1061,6 +1062,10 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         /* TLS version 1.2 */
         config->ssl_version = CURL_SSLVERSION_TLSv1_2;
         break;
+      case '3':
+        /* TLS version 1.3 */
+        config->ssl_version = CURL_SSLVERSION_TLSv1_3;
+        break;
       }
       break;
     case '2':
diff --git a/src/tool_help.c b/src/tool_help.c
index fb428c9..9890cc8 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -232,6 +232,7 @@ static const char *const helptext[] = {
   "     --tlsv1.0       Use TLSv1.0 (SSL)",
   "     --tlsv1.1       Use TLSv1.1 (SSL)",
   "     --tlsv1.2       Use TLSv1.2 (SSL)",
+  "     --tlsv1.3       Use TLSv1.3 (SSL)",
   "     --trace FILE    Write a debug trace to FILE",
   "     --trace-ascii FILE  Like --trace, but without hex output",
   "     --trace-time    Add time stamps to trace/verbose output",
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index c854225..f3de09d 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -83,6 +83,7 @@ const NameValue setopt_nv_CURL_SSLVERSION[] = {
   NV(CURL_SSLVERSION_TLSv1_0),
   NV(CURL_SSLVERSION_TLSv1_1),
   NV(CURL_SSLVERSION_TLSv1_2),
+  NV(CURL_SSLVERSION_TLSv1_3),
   NVEND,
 };
 
-- 
2.7.4
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-03