Re: How to not send TLS 1.3 Ciphers?
Date: Wed, 15 Apr 2020 23:11:08 -0400
On 4/15/2020 6:36 PM, Mark Windshield via curl-library wrote:
> I'm trying to not send TLS 1.3 Ciphers when making a request through
> libcurl (but have the option to set them), I tried compiling openssl
> with 'define TLS_DEFAULT_CIPHERSUITES " " ' instead of it containing
> the three "default" ciphers, but when replacing openssl and using
> liubcurl with that compiled version of openssl it'd always throw a SSL
> Connect error unless I set at least one TLS1.3 Cipher via.
> CURLOPT_TLS13_CIPHERS.
> What worked was compiling openssl with "-no-tls1_3", but then I was
> obviously not able to set TLS1.3 Ciphers at all anymore.
>
> I didn't find anything on the matter so I was wondering if and then
> how it is possible to not send any TLS13_Ciphers, while still being
> able to set them via CURLTOP_TLS13_Cipher when needed?
Set the maximum TLS version to 1.2 by using --tls-max 1.2, don't mess
with the ciphersuites. For example get the headers from www.test.com
using only TLS 1.2:
curl -I --tlsv1.2 --tls-max 1.2 https://www.test.com
[1]: https://curl.haxx.se/docs/manpage.html#--tls-max
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-04-16