[GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list
Date: Fri, 24 Feb 2017 14:00:52 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit bbee0d4eee0335ed129c37063ea47e14be076e57
Author: Dan Fandrich <address@hidden>
AuthorDate: Fri Jan 6 23:00:45 2017 +0100
wolfssl: support setting cipher list
---
docs/CIPHERS.md | 113 ++++++++++++++++++++++++++++
docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 | 3 +
lib/vtls/cyassl.c | 10 +++
3 files changed, 126 insertions(+)
diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 9e8482098..99d261bdd 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -311,3 +311,116 @@ but libcurl maps them to the following case-insensitive
names.
`aes256-sha256`
`aes128-gcm-sha256`
`aes256-gcm-sha384`
+
+## WolfSSL
+
+`RC4-SHA`,
+`RC4-MD5`,
+`DES-CBC3-SHA`,
+`AES128-SHA`,
+`AES256-SHA`,
+`NULL-SHA`,
+`NULL-SHA256`,
+`DHE-RSA-AES128-SHA`,
+`DHE-RSA-AES256-SHA`,
+`DHE-PSK-AES256-GCM-SHA384`,
+`DHE-PSK-AES128-GCM-SHA256`,
+`PSK-AES256-GCM-SHA384`,
+`PSK-AES128-GCM-SHA256`,
+`DHE-PSK-AES256-CBC-SHA384`,
+`DHE-PSK-AES128-CBC-SHA256`,
+`PSK-AES256-CBC-SHA384`,
+`PSK-AES128-CBC-SHA256`,
+`PSK-AES128-CBC-SHA`,
+`PSK-AES256-CBC-SHA`,
+`DHE-PSK-AES128-CCM`,
+`DHE-PSK-AES256-CCM`,
+`PSK-AES128-CCM`,
+`PSK-AES256-CCM`,
+`PSK-AES128-CCM-8`,
+`PSK-AES256-CCM-8`,
+`DHE-PSK-NULL-SHA384`,
+`DHE-PSK-NULL-SHA256`,
+`PSK-NULL-SHA384`,
+`PSK-NULL-SHA256`,
+`PSK-NULL-SHA`,
+`HC128-MD5`,
+`HC128-SHA`,
+`HC128-B2B256`,
+`AES128-B2B256`,
+`AES256-B2B256`,
+`RABBIT-SHA`,
+`NTRU-RC4-SHA`,
+`NTRU-DES-CBC3-SHA`,
+`NTRU-AES128-SHA`,
+`NTRU-AES256-SHA`,
+`AES128-CCM-8`,
+`AES256-CCM-8`,
+`ECDHE-ECDSA-AES128-CCM`,
+`ECDHE-ECDSA-AES128-CCM-8`,
+`ECDHE-ECDSA-AES256-CCM-8`,
+`ECDHE-RSA-AES128-SHA`,
+`ECDHE-RSA-AES256-SHA`,
+`ECDHE-ECDSA-AES128-SHA`,
+`ECDHE-ECDSA-AES256-SHA`,
+`ECDHE-RSA-RC4-SHA`,
+`ECDHE-RSA-DES-CBC3-SHA`,
+`ECDHE-ECDSA-RC4-SHA`,
+`ECDHE-ECDSA-DES-CBC3-SHA`,
+`AES128-SHA256`,
+`AES256-SHA256`,
+`DHE-RSA-AES128-SHA256`,
+`DHE-RSA-AES256-SHA256`,
+`ECDH-RSA-AES128-SHA`,
+`ECDH-RSA-AES256-SHA`,
+`ECDH-ECDSA-AES128-SHA`,
+`ECDH-ECDSA-AES256-SHA`,
+`ECDH-RSA-RC4-SHA`,
+`ECDH-RSA-DES-CBC3-SHA`,
+`ECDH-ECDSA-RC4-SHA`,
+`ECDH-ECDSA-DES-CBC3-SHA`,
+`AES128-GCM-SHA256`,
+`AES256-GCM-SHA384`,
+`DHE-RSA-AES128-GCM-SHA256`,
+`DHE-RSA-AES256-GCM-SHA384`,
+`ECDHE-RSA-AES128-GCM-SHA256`,
+`ECDHE-RSA-AES256-GCM-SHA384`,
+`ECDHE-ECDSA-AES128-GCM-SHA256`,
+`ECDHE-ECDSA-AES256-GCM-SHA384`,
+`ECDH-RSA-AES128-GCM-SHA256`,
+`ECDH-RSA-AES256-GCM-SHA384`,
+`ECDH-ECDSA-AES128-GCM-SHA256`,
+`ECDH-ECDSA-AES256-GCM-SHA384`,
+`CAMELLIA128-SHA`,
+`DHE-RSA-CAMELLIA128-SHA`,
+`CAMELLIA256-SHA`,
+`DHE-RSA-CAMELLIA256-SHA`,
+`CAMELLIA128-SHA256`,
+`DHE-RSA-CAMELLIA128-SHA256`,
+`CAMELLIA256-SHA256`,
+`DHE-RSA-CAMELLIA256-SHA256`,
+`ECDHE-RSA-AES128-SHA256`,
+`ECDHE-ECDSA-AES128-SHA256`,
+`ECDH-RSA-AES128-SHA256`,
+`ECDH-ECDSA-AES128-SHA256`,
+`ECDHE-RSA-AES256-SHA384`,
+`ECDHE-ECDSA-AES256-SHA384`,
+`ECDH-RSA-AES256-SHA384`,
+`ECDH-ECDSA-AES256-SHA384`,
+`ECDHE-RSA-CHACHA20-POLY1305`,
+`ECDHE-ECDSA-CHACHA20-POLY1305`,
+`DHE-RSA-CHACHA20-POLY1305`,
+`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
+`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
+`DHE-RSA-CHACHA20-POLY1305-OLD`,
+`ADH-AES128-SHA`,
+`QSH`,
+`RENEGOTIATION-INFO`,
+`IDEA-CBC-SHA`,
+`ECDHE-ECDSA-NULL-SHA`,
+`ECDHE-PSK-NULL-SHA256`,
+`ECDHE-PSK-AES128-CBC-SHA256`,
+`PSK-CHACHA20-POLY1305`,
+`ECDHE-PSK-CHACHA20-POLY1305`,
+`DHE-PSK-CHACHA20-POLY1305`,
+`EDH-RSA-DES-CBC3-SHA`,
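Review bot: the new WolfSSL section in docs/CIPHERS.md is a bare list with no introductory sentence, and it places `NULL-SHA`, `PSK-NULL-SHA256`, `ADH-AES128-SHA`, the `RC4-*` names and `DES-CBC3-SHA` next to the GCM and CHACHA20-POLY1305 suites without saying that the first group provides no encryption, no authentication or only legacy-strength protection. A short preamble stating that these are the names WolfSSL accepts, and that the NULL, ADH, RC4 and DES entries should not be enabled outside testing, would help readers who copy from this list. `QSH` and `RENEGOTIATION-INFO` do not follow the key-exchange/cipher/MAC naming pattern of the other entries and deserve a word on what they select, and the final entry `EDH-RSA-DES-CBC3-SHA`, ends with a trailing comma.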
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
index f6b945994..5f3668a72 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
@@ -46,6 +46,9 @@ For NSS, valid examples of cipher lists include
'rsa_rc4_128_md5',
\'rsa_aes_128_sha\', etc. With NSS you don't add/remove ciphers. If one uses
this option then all known ciphers are disabled and only those passed in are
enabled.
+
+For WolfSSL, valid examples of cipher lists include
+\'ECDHE-RSA-RC4-SHA\', 'AES256-SHA:AES256-SHA256', etc.
.SH DEFAULT
NULL, use internal default
.SH PROTOCOLS
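Review bot: the added WolfSSL sentence in CURLOPT_SSL_CIPHER_LIST.3 gives `ECDHE-RSA-RC4-SHA` as its first valid example, which steers readers toward an RC4 suite; an entry such as `ECDHE-RSA-AES128-GCM-SHA256` from the CIPHERS.md list added in this commit would be a better model. The second example shows a colon-separated list without stating that the colon is the separator, and the text does not say whether passing a list replaces the defaults the way the NSS paragraph above it describes. The quoting is also uneven: the first example uses `\'` and the second a plain `'`.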
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 3346daa05..f494a011d 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -134,6 +134,7 @@ cyassl_connect_step1(struct connectdata *conn,
int sockindex)
{
char error_buffer[CYASSL_MAX_ERROR_SZ];
+ char *ciphers;
struct Curl_easy *data = conn->data;
struct ssl_connect_data* conssl = &conn->ssl[sockindex];
SSL_METHOD* req_method = NULL;
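Review bot: `char *ciphers;` at the top of cyassl_connect_step1 is assigned once and only read in the later hunk of this patch, so declaring it `const char *ciphers` would document that the function does not modify the configured string, provided the type behind SSL_CONN_CONFIG(cipher_list) allows it.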
@@ -229,6 +230,15 @@ cyassl_connect_step1(struct connectdata *conn,
break;
}
+ ciphers = SSL_CONN_CONFIG(cipher_list);
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s\n", ciphers);
+ }
+
#ifndef NO_FILESYSTEM
/* load trusted cacert */
if(SSL_CONN_CONFIG(CAfile)) {
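Review bot: in the new block, `infof(data, "Cipher selection: %s\n", ciphers);` logs the list the caller requested, not the suite that ends up negotiated, so a wording such as "Cipher list set to" would avoid misreading in verbose output. On the failure path the failf message repeats the whole requested string but gives no hint which name was rejected; since `error_buffer` is already declared in this function, consider including the library's error text if one is available at this point. `if(ciphers)` also lets an empty string through to SSL_CTX_set_cipher_list, which is worth either rejecting explicitly or covering with a test.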
--
To stop receiving notification emails like this one, please contact
address@hidden