Re: cURL + GREASE

From: Daniel Stenberg via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 8 Apr 2020 10:01:04 +0200 (CEST)

On Tue, 7 Apr 2020, Joshua Abraham wrote:

>> Sure, sounds like decent thing that could be interesting to support.
>
> That's great to hear. I'd be open to contributing that feature!

Then I'll recommend taking further such discussions on the curl-library list
where we discuss libcurl development and related issues.

> Just a preliminary thought: this would be dependent on the underlying TLS
> library.

Yes absolutely.

> It looks like GREASE support is spotty across curl's TLS libraries.
> Examples: openssl (https://github.com/openssl/openssl/issues/9660),
> BoringSSL:
> https://boringssl.googlesource.com/boringssl/+/65ac997f20cb83eb6c7edd6712be63fe1d0f466f%5E%21/.
> Should we wait until openssl has support?

My advice: if you want this feature to have a chance of landing within months
rather than years, then don't wait. I have no idea how fast the OpenSSL team
is going to work on that feature, but what you see there in github is just *an
idea* of what to implement so it might also just never happen.

curl supports 13 TLS libraries [1] and they're not all having the exact same
feature set. In fact, they all have different pros and cons and yet curl
supports them.

If done correctly and carefully, support for feature X (like GREASE in this
case) can be implemented with and for TLS library T first, and then we can
proceed and add support for it to other backends as well over time - if/once
they offer it and if we have contributors willing and able to write the code.

Lastly: doing anything that relies on BoringSSL is of course a risk as that's
Google's TLS library explicitly done for Google with no promises to others and
they don't even do proper releases. This said, we try hard to make sure curl
remains functional with it.

[1] = https://curl.haxx.se/dashboard1.html#tls-backends

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2020-04-08