curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CURLOPT_SSL_CIPHER_LIST example in the docs

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 12 Dec 2022 20:47:27 +0100 (CET)

On Mon, 12 Dec 2022, Jeffrey Walton via curl-library wrote:

> I'm not sure this is a good example of CURLOPT_SSL_CIPHER_LIST. The example
> uses "TLSv1", which is probably a better example for CURLOPT_SSLVERSION.

I agree that it is not the best example.

> "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";

I'm however not convined this is the perfect replacement. This is a highly
OpenSSL specific line and it doesn't mention a single cipher.

For the man page, would it not make more sense to specify a cipher or two in a
list? Like maybe:

  "ECDHE-ECDSA-AES128-SHA256:AES256-SHA256"

This does not imply that we think anyone should actually set this specific
string.

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2022-12-12