
curl feature request: Support for TLS groups

From: Info via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 12 Oct 2021 09:15:18 +0200

With https://github.com/curl/curl/pull/5892 curl (I) added support for
explicitly setting TLS (originally elliptic) curves acceptable to the
TLS client: This enables curl to be specific in which cryptography to
use when connecting to servers offering multiple (key exchange) options.

In hindsight it was my mistake to not use the more generally applicable
"groups" terminology as per
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_curves.html :
"prior to TLS1.3, there was only the concept of supported curves. In
TLS1.3 this was renamed to supported groups, and extended to include
Diffie Hellman groups. The group functions should be used in preference."

Therefore my suggestion (1) is to correct my mistake by replacing the
curl command line option "--curves" with the absolutely equivalent, but
more correctly named and more widely applicable option "--groups" as a)
that term could be more familiar to users, especially with the
introduction of new cryptographic algorithms using groups for
selecting/naming key exchange mechanisms (e.g., as per
https://www.rfc-editor.org/rfc/internet-drafts/draft-ietf-tls-hybrid-design-03.html
or https://datatracker.ietf.org/doc/html/draft-kiefer-tls-ecdhe-sidh-00)
and b) does not create further "option bloat".

The alternatives:

(2) Add the option "--groups" (if deleting a command line option is not
acceptable to the curl community).

(3) Don't bother (as --curves maps to --groups behind the scenes already
and thus, the suggested capability already exists in curl via the
equivalence stated in the man page above: "The curve functions are
synonyms for the equivalently named group functions and are identical in
every respect.").

Thanks in advance for your feedback as to what you deem the most
advisable way forward,

--Michael

Received on 2021-10-12