Adding support for --ciphers in WinSSL/Schannel... #2630
…ntstraints of SChannel, I'm exposing these as the algorithms themselves instead; while replicating the ciphersuite as specified by OpenSSL would have been preferable, I found no way in the SChannel API to do so.
To use this from the commandline, you need to pass the names of constants defining the desired algorithms. For example:
curl --ciphers "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" https://github.com
The specific names come from wincrypt.h
Remember
Let me know if there is anything further I should do around this change.
I think it'd be good to also get the ciphers documented in
@RobertPragSymc if you can just amend the docs, I'm ready to merge!
encryption algorithm selection is available in WinSSL.
I'm not sure how, but my documentation change seems to have caused a unit test to fail for the wolfssl debug build: test 1455...[HTTP GET when PROXY Protocol enabled] Is this known flakiness, or have I broken something clever?
Not your fault. 1455 has been flaky recently! :-(
Thanks, landed. I took the liberty of changing the name in your commit so that you will end up getting credited correctly. I hope I didn't overstep anything...
Adding support for selecting ciphers in WinSSL/Schannel. Given the
constraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.
To use this from the commandline, you need to pass the names of constants
defining the desired algorithms. For example:
curl --ciphers "CALG_SHA_256:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" https://github.com
The specific names come from wincrypt.h
This is an attempt to implement
https://curl.haxx.se/docs/todo.html#Add_support_for_the_ciphers_op
limited by the oddities of how SChannel handles encryption algorithms.
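The colon-separated list described in the commit message above, turned into the ALG_ID values that wincrypt.h assigns to those names. This is an added example, not the code from this pull request or from curl: `parse_cipher_list` and the `known_algs` table are hypothetical names, and the table covers only a few algorithms so the example builds without the Windows SDK.

```c
#include <stdio.h>
#include <string.h>

/* ALG_ID values as defined in wincrypt.h, copied here so the example
   builds without the Windows SDK. */
typedef unsigned int ALG_ID;
struct alg_name { const char *name; ALG_ID id; };
static const struct alg_name known_algs[] = {
  { "CALG_SHA1",     0x8004 }, { "CALG_SHA_256",  0x800c },
  { "CALG_RSA_SIGN", 0x2400 }, { "CALG_RSA_KEYX", 0xa400 },
  { "CALG_AES_128",  0x660e }, { "CALG_AES_256",  0x6610 },
  { "CALG_DH_EPHEM", 0xaa02 },
};

/* Hypothetical helper: parse "NAME:NAME:..." into out[]. Returns the number
   of IDs written, or -1 on an unknown name, an empty token or overflow, so a
   typo fails closed instead of silently widening or shrinking the list. */
static int parse_cipher_list(const char *list, ALG_ID *out, int max)
{
  int n = 0;
  const char *p = list;
  for(;;) {
    size_t len = strcspn(p, ":");
    size_t i, nknown = sizeof(known_algs) / sizeof(known_algs[0]);
    for(i = 0; i < nknown; i++) {
      if(strlen(known_algs[i].name) == len &&
         !strncmp(known_algs[i].name, p, len))
        break;
    }
    if(i == nknown || n == max)
      return -1;
    out[n++] = known_algs[i].id;
    if(p[len] == '\0')
      return n;
    p += len + 1;
  }
}

int main(void)
{
  ALG_ID ids[16];
  int i, n = parse_cipher_list(
    "CALG_SHA_256:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM",
    ids, 16);
  for(i = 0; i < n; i++)
    printf("0x%04x\n", ids[i]);
  return n < 0;
}
```

Rejecting the whole list on one unrecognised name means a misspelled algorithm produces an error rather than a connection negotiated with a different set than the one the user asked for.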