Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Clarify setting TLS 1.3 ciphers using different backends #3938
I did this
#2607 added CURLOPT_TLS13_CIPHERS and --tls13-ciphers. They're documented as setting TLS 1.3 cipher suites, though the lib option shows in AVAILABILITY that "OpenSSL >= 1.1.1" and the option only works when SSLSUPP_TLS13_CIPHERSUITES which is only enabled for OpenSSL.
I expected the following
I find this confusing. I figured based on the docs and SSL Ciphers we had a separate option to set TLS 1.3 ciphers only to discover that that only applies only to OpenSSL, and other backends use regular --ciphers?
That option is only used for OpenSSL yes, we should clarify that in the
Reported-by: Jay Satiro Fixes #3938
Right. We are working in #3946 to clarify it's currently only for OpenSSL and that for other SSL backends try the regular respective cipher option. Possibly for other SSL backends if they support TLS 1.3 ciphers the same as any other cipher we could just concatenate whatever the user set in the 1.3 list to the regular one.