wolfssl: Add CURLOPT_TLS13_CIPHERS support #14385

Closed
jan2000
Contributor

@jan2000 jan2000 commented Aug 4, 2024

Bring setting ciphers with WolfSSL in line with other SSL backends, to make the curl interface more consistent across the backends.

Now the tls1.3 ciphers are set with the --tls13-ciphers option; when not set, the default tls1.3 ciphers are used. The tls1.2 (1.1, 1.0) ciphers are set with the --ciphers option; when not set, the default tls1.2 ciphers are used. The ciphers available for the connection are now a union of the tls1.3 and tls1.2 ciphers.

This changes the behaviour for WolfSSL when --ciphers is set, but --tls13-ciphers is not set. Now the ciphers set with --ciphers are combined with the default tls1.3 ciphers, whereas before solely the ciphers of --ciphers were used.

Thus before, when no tls1.3 ciphers were specified in --ciphers, tls1.3 was completely disabled. This might not be what the user expected, especially as this does not happen with OpenSSL.
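
The selection rules described in the comment above, modelled as an added example that is not part of the pull request or of curl's source. It shows which suites a pinned `--ciphers` value offers before and after the change. Assumptions: the default lists are constructed stand-ins, cipher strings are colon-separated, the old code used both defaults when `--ciphers` was unset, and the helper names are hypothetical.

```python
# Added illustration (not curl or wolfSSL source): models the cipher
# selection described in the pull request text, before and after the change.

# Constructed stand-in for "the default tls1.3 ciphers" (RFC 8446 suite names).
# Assumption: the real default set depends on the wolfSSL build.
DEFAULT_TLS13 = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]
# Constructed stand-in for "the default tls1.2 ciphers".
DEFAULT_TLS12 = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]

def parse(option):
    """Split a colon-separated cipher string, dropping empty entries."""
    return [name for name in option.split(":") if name]

def is_tls13(name):
    # Assumption: TLS 1.3 suites are recognised by their IANA name prefixes
    # or by the "TLS13-" prefix wolfSSL uses for its own names.
    return name.startswith(("TLS13-", "TLS_AES_", "TLS_CHACHA20_"))

def effective_before(ciphers):
    """Old behaviour: when --ciphers is set, solely that list is used."""
    if ciphers is None:  # assumption: unset means both defaults
        return DEFAULT_TLS13 + DEFAULT_TLS12
    return parse(ciphers)

def effective_after(ciphers, tls13_ciphers):
    """New behaviour: union of the TLS 1.3 list and the TLS 1.2 list,
    each falling back to its default when its option is not set."""
    tls13 = DEFAULT_TLS13 if tls13_ciphers is None else parse(tls13_ciphers)
    tls12 = DEFAULT_TLS12 if ciphers is None else parse(ciphers)
    return tls13 + tls12

def tls13_offered(suites):
    return any(is_tls13(s) for s in suites)

def newly_offered(ciphers, tls13_ciphers=None):
    """Suites a given command line offers after the change but not before."""
    before = set(effective_before(ciphers))
    return [s for s in effective_after(ciphers, tls13_ciphers) if s not in before]

if __name__ == "__main__":
    pinned = "ECDHE-RSA-AES128-GCM-SHA256"  # constructed --ciphers value
    print("before:", effective_before(pinned))
    print("after: ", effective_after(pinned, None))
    print("newly offered:", newly_offered(pinned))
```

A deployment that pinned suites through `--ciphers` alone can use the `newly_offered` result to see what it must now restrict with `--tls13-ciphers`.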

@github-actions github-actions bot added the tests label Aug 4, 2024
jan2000 added a commit to jan2000/curl that referenced this pull request Aug 4, 2024
jan2000 added a commit to jan2000/curl that referenced this pull request Aug 4, 2024
@bagder
Member

bagder commented Aug 5, 2024

Can you check the merge conflict here? (Maybe due to the #14384 merge?)

@jan2000
Contributor Author

jan2000 commented Aug 5, 2024

Yes, I was afraid that would conflict. That is why the doc updates are also in a separate PR. I have rebased.

@bagder bagder closed this in 4c12892 Aug 5, 2024
@bagder
Member

bagder commented Aug 5, 2024

Thanks!

bagder pushed a commit that referenced this pull request Aug 5, 2024
@jan2000 jan2000 deleted the wolfssl-tls13ciphers branch August 13, 2024 19:30