[Request] Update curl to support TLS v1.3 #121

Closed
kkebo opened this issue Jul 22, 2021 · 6 comments
Labels
fix committed A fix for this issue has been committed. Will soon be closed.


@kkebo

kkebo commented Jul 22, 2021

Currently, ios_system's curl can't download HTTPS site's contents using TLS v1.3.

I think that you built curl 7.51.0 with the --with-darwinssl flag. If so, is it possible to update curl to 7.56.1 or later?

curl with darwinssl has supported TLS v1.3 since 7.56.1.

@rinsuki

rinsuki commented Dec 4, 2021

Actually, curl with darwinssl doesn't support TLS 1.3 because SecureTransport doesn't support TLS 1.3; see curl/curl#4524.

So we need to build cURL with other SSL libraries, like OpenSSL, LibreSSL, NSS, etc.

@kkebo
Author

kkebo commented May 4, 2023

Just curious, what SSL library is the macOS default curl (/usr/bin/curl) built with? It supports TLS 1.3 at least on macOS 13.4.

@kkebo
Author

kkebo commented May 4, 2023

It seems that macOS Ventura bundles LibreSSL 3.3.6 and it supports TLS 1.3, so macOS's curl is probably built with it.

@kkebo
Author

kkebo commented Aug 23, 2023

This issue appears to be resolved in a-Shell 1.12.2. Should I close it?

$ curl -v --tlsv1.3 --head https://1.1.1.1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 1.1.1.1:443...
* Connected to 1.1.1.1 (1.1.1.1) port 443 (#0)
* ALPN: offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [225 bytes data]
*  CAfile: /private/var/containers/Bundle/Application/A76E41CB-D4B6-488F-9722-1BDA7BA041A8/a-Shell.app/cacert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2598 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare-dns.com
*  start date: Jan 12 00:00:00 2023 GMT
*  expire date: Jan 11 23:59:59 2024 GMT
*  subjectAltName: host "1.1.1.1" matched cert's IP address!
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> HEAD / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/8.1.2
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Wed, 23 Aug 2023 18:10:12 GMT
Date: Wed, 23 Aug 2023 18:10:12 GMT
< Content-Type: text/html
Content-Type: text/html
< Connection: keep-alive
Connection: keep-alive
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtEXADrzYRTQvgUO2v7BXLzUi1rSs2eI8p1UtRDdVGCFZ3abZjYxmgT4%2B1yKHoSI%2FfNkiLAHE2H8ohadRI9rm0LA6qG0cZlNw7pIBz9udrKPUd4pI3VIyIg%3D"}],"group":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtEXADrzYRTQvgUO2v7BXLzUi1rSs2eI8p1UtRDdVGCFZ3abZjYxmgT4%2B1yKHoSI%2FfNkiLAHE2H8ohadRI9rm0LA6qG0cZlNw7pIBz9udrKPUd4pI3VIyIg%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"report_to":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
< Last-Modified: Fri, 21 Jul 2023 21:11:33 GMT
Last-Modified: Fri, 21 Jul 2023 21:11:33 GMT
< Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000
< Served-In-Seconds: 0.002
Served-In-Seconds: 0.002
< Cache-Control: public, max-age=14400
Cache-Control: public, max-age=14400
< CF-Cache-Status: HIT
CF-Cache-Status: HIT
< Age: 549
Age: 549
< Expires: Wed, 23 Aug 2023 22:10:12 GMT
Expires: Wed, 23 Aug 2023 22:10:12 GMT
< Set-Cookie: __cf_bm=PkNHLEZabTk_K9ZSoEsYI8ffSv7RNZYIsY7ykvCzxxE-1692814212-0-AagKbzzk5bl9iMvDTS0kCiXmxTtpcWI6WVXFS1dDkl0qw6Lb41o4WMUJbMSTISiP9d5C0EmMspyHIyIKZFxtnHU=; path=/; expires=Wed, 23-Aug-23 18:40:12 GMT; domain=.every1dns.com; HttpOnly; Secure; SameSite=None
Set-Cookie: __cf_bm=PkNHLEZabTk_K9ZSoEsYI8ffSv7RNZYIsY7ykvCzxxE-1692814212-0-AagKbzzk5bl9iMvDTS0kCiXmxTtpcWI6WVXFS1dDkl0qw6Lb41o4WMUJbMSTISiP9d5C0EmMspyHIyIKZFxtnHU=; path=/; expires=Wed, 23-Aug-23 18:40:12 GMT; domain=.every1dns.com; HttpOnly; Secure; SameSite=None
< Server: cloudflare
Server: cloudflare
< CF-RAY: 7fb54f9dfc4b0aa8-NRT
CF-RAY: 7fb54f9dfc4b0aa8-NRT
< alt-svc: h3=":443"; ma=86400
alt-svc: h3=":443"; ma=86400

< 

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host 1.1.1.1 left intact
$ curl -V
curl 8.1.2 (x86_64-apple-darwin22.5.0) libcurl/8.1.2 OpenSSL/1.1.1k zlib/1.2.12
Release-Date: 2023-05-30
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
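
A check for the question this thread turns on, which TLS library a curl build links and whether a handshake actually negotiated TLS 1.3, as an added example that is not part of the issue or the project's code. The function names and the SecureTransport sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a curl build's TLS backend and a captured -v log.

# Sample inputs. SAMPLE_VERSION and SAMPLE_LOG are copied from the output
# quoted in this thread; SAMPLE_ST is constructed to represent a build
# that links only SecureTransport.
SAMPLE_VERSION='curl 8.1.2 (x86_64-apple-darwin22.5.0) libcurl/8.1.2 OpenSSL/1.1.1k zlib/1.2.12'
SAMPLE_LOG='* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1'
SAMPLE_ST='curl 7.51.0 (x86_64-apple-darwin) libcurl/7.51.0 SecureTransport zlib/1.2.8'

# Print the TLS library token from the first line of `curl -V` output.
# Tokens in parentheses are not matched.
tls_backend() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    for tok in $first; do
        case "$tok" in
            OpenSSL/*|LibreSSL/*|BoringSSL*|GnuTLS/*|NSS/*|mbedTLS/*|wolfSSL/*|SecureTransport)
                printf '%s\n' "$tok"; return 0 ;;
        esac
    done
    return 1
}

# Print the protocol version curl reports once the handshake has completed.
negotiated_tls() {
    printf '%s\n' "$1" |
        sed -n 's/^\* SSL connection using \([^ ]*\) \/ .*/\1/p' | sed -n '1p'
}

# Return 0 only when the log shows TLSv1.3 was negotiated; return 2 when the
# backend is SecureTransport, which the thread says does not support TLS 1.3.
audit_tls13() {
    backend=$(tls_backend "$1") || { echo "backend=unknown"; return 1; }
    [ "$backend" = "SecureTransport" ] && { echo "backend=$backend tls13=unsupported"; return 2; }
    proto=$(negotiated_tls "$2")
    echo "backend=$backend negotiated=${proto:-none}"
    [ "$proto" = "TLSv1.3" ]
}

# Live use (needs network):
#   audit_tls13 "$(curl -V)" "$(curl -sS -v --tlsv1.3 --head https://1.1.1.1 2>&1)"
audit_tls13 "$SAMPLE_VERSION" "$SAMPLE_LOG"
```

Checking the "SSL connection using" line rather than the "Client hello" line matters because the latter only shows what the client offered, not what was agreed.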

@holzschu
Owner

Yes, I updated curl to a more advanced version in the latest TestFlight.
I didn't expect it to solve this issue as well, but that's a nice bonus.

@holzschu added the "fix committed" label Aug 23, 2023
@kkebo
Author

kkebo commented Aug 23, 2023

Thank you so much!

@kkebo closed this as completed Aug 23, 2023