[GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list
Date:	Fri, 24 Feb 2017 14:00:52 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.

commit bbee0d4eee0335ed129c37063ea47e14be076e57
Author: Dan Fandrich <address@hidden>
AuthorDate: Fri Jan 6 23:00:45 2017 +0100

    wolfssl: support setting cipher list
---
 docs/CIPHERS.md                             | 113 ++++++++++++++++++++++++++++
 docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 |   3 +
 lib/vtls/cyassl.c                           |  10 +++
 3 files changed, 126 insertions(+)

diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 9e8482098..99d261bdd 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -311,3 +311,116 @@ but libcurl maps them to the following case-insensitive 
names.
 `aes256-sha256`
 `aes128-gcm-sha256`
 `aes256-gcm-sha384`
+
+## WolfSSL
+
+`RC4-SHA`,
+`RC4-MD5`,
+`DES-CBC3-SHA`,
+`AES128-SHA`,
+`AES256-SHA`,
+`NULL-SHA`,
+`NULL-SHA256`,
+`DHE-RSA-AES128-SHA`,
+`DHE-RSA-AES256-SHA`,
+`DHE-PSK-AES256-GCM-SHA384`,
+`DHE-PSK-AES128-GCM-SHA256`,
+`PSK-AES256-GCM-SHA384`,
+`PSK-AES128-GCM-SHA256`,
+`DHE-PSK-AES256-CBC-SHA384`,
+`DHE-PSK-AES128-CBC-SHA256`,
+`PSK-AES256-CBC-SHA384`,
+`PSK-AES128-CBC-SHA256`,
+`PSK-AES128-CBC-SHA`,
+`PSK-AES256-CBC-SHA`,
+`DHE-PSK-AES128-CCM`,
+`DHE-PSK-AES256-CCM`,
+`PSK-AES128-CCM`,
+`PSK-AES256-CCM`,
+`PSK-AES128-CCM-8`,
+`PSK-AES256-CCM-8`,
+`DHE-PSK-NULL-SHA384`,
+`DHE-PSK-NULL-SHA256`,
+`PSK-NULL-SHA384`,
+`PSK-NULL-SHA256`,
+`PSK-NULL-SHA`,
+`HC128-MD5`,
+`HC128-SHA`,
+`HC128-B2B256`,
+`AES128-B2B256`,
+`AES256-B2B256`,
+`RABBIT-SHA`,
+`NTRU-RC4-SHA`,
+`NTRU-DES-CBC3-SHA`,
+`NTRU-AES128-SHA`,
+`NTRU-AES256-SHA`,
+`AES128-CCM-8`,
+`AES256-CCM-8`,
+`ECDHE-ECDSA-AES128-CCM`,
+`ECDHE-ECDSA-AES128-CCM-8`,
+`ECDHE-ECDSA-AES256-CCM-8`,
+`ECDHE-RSA-AES128-SHA`,
+`ECDHE-RSA-AES256-SHA`,
+`ECDHE-ECDSA-AES128-SHA`,
+`ECDHE-ECDSA-AES256-SHA`,
+`ECDHE-RSA-RC4-SHA`,
+`ECDHE-RSA-DES-CBC3-SHA`,
+`ECDHE-ECDSA-RC4-SHA`,
+`ECDHE-ECDSA-DES-CBC3-SHA`,
+`AES128-SHA256`,
+`AES256-SHA256`,
+`DHE-RSA-AES128-SHA256`,
+`DHE-RSA-AES256-SHA256`,
+`ECDH-RSA-AES128-SHA`,
+`ECDH-RSA-AES256-SHA`,
+`ECDH-ECDSA-AES128-SHA`,
+`ECDH-ECDSA-AES256-SHA`,
+`ECDH-RSA-RC4-SHA`,
+`ECDH-RSA-DES-CBC3-SHA`,
+`ECDH-ECDSA-RC4-SHA`,
+`ECDH-ECDSA-DES-CBC3-SHA`,
+`AES128-GCM-SHA256`,
+`AES256-GCM-SHA384`,
+`DHE-RSA-AES128-GCM-SHA256`,
+`DHE-RSA-AES256-GCM-SHA384`,
+`ECDHE-RSA-AES128-GCM-SHA256`,
+`ECDHE-RSA-AES256-GCM-SHA384`,
+`ECDHE-ECDSA-AES128-GCM-SHA256`,
+`ECDHE-ECDSA-AES256-GCM-SHA384`,
+`ECDH-RSA-AES128-GCM-SHA256`,
+`ECDH-RSA-AES256-GCM-SHA384`,
+`ECDH-ECDSA-AES128-GCM-SHA256`,
+`ECDH-ECDSA-AES256-GCM-SHA384`,
+`CAMELLIA128-SHA`,
+`DHE-RSA-CAMELLIA128-SHA`,
+`CAMELLIA256-SHA`,
+`DHE-RSA-CAMELLIA256-SHA`,
+`CAMELLIA128-SHA256`,
+`DHE-RSA-CAMELLIA128-SHA256`,
+`CAMELLIA256-SHA256`,
+`DHE-RSA-CAMELLIA256-SHA256`,
+`ECDHE-RSA-AES128-SHA256`,
+`ECDHE-ECDSA-AES128-SHA256`,
+`ECDH-RSA-AES128-SHA256`,
+`ECDH-ECDSA-AES128-SHA256`,
+`ECDHE-RSA-AES256-SHA384`,
+`ECDHE-ECDSA-AES256-SHA384`,
+`ECDH-RSA-AES256-SHA384`,
+`ECDH-ECDSA-AES256-SHA384`,
+`ECDHE-RSA-CHACHA20-POLY1305`,
+`ECDHE-ECDSA-CHACHA20-POLY1305`,
+`DHE-RSA-CHACHA20-POLY1305`,
+`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
+`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
+`DHE-RSA-CHACHA20-POLY1305-OLD`,
+`ADH-AES128-SHA`,
+`QSH`,
+`RENEGOTIATION-INFO`,
+`IDEA-CBC-SHA`,
+`ECDHE-ECDSA-NULL-SHA`,
+`ECDHE-PSK-NULL-SHA256`,
+`ECDHE-PSK-AES128-CBC-SHA256`,
+`PSK-CHACHA20-POLY1305`,
+`ECDHE-PSK-CHACHA20-POLY1305`,
+`DHE-PSK-CHACHA20-POLY1305`,
+`EDH-RSA-DES-CBC3-SHA`,
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 
b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
index f6b945994..5f3668a72 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
@@ -46,6 +46,9 @@ For NSS, valid examples of cipher lists include 
'rsa_rc4_128_md5',
 \'rsa_aes_128_sha\', etc. With NSS you don't add/remove ciphers. If one uses
 this option then all known ciphers are disabled and only those passed in are
 enabled.
+
+For WolfSSL, valid examples of cipher lists include
+\'ECDHE-RSA-RC4-SHA\', 'AES256-SHA:AES256-SHA256', etc.
 .SH DEFAULT
 NULL, use internal default
 .SH PROTOCOLS
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 3346daa05..f494a011d 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -134,6 +134,7 @@ cyassl_connect_step1(struct connectdata *conn,
                      int sockindex)
 {
   char error_buffer[CYASSL_MAX_ERROR_SZ];
+  char *ciphers;
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data* conssl = &conn->ssl[sockindex];
   SSL_METHOD* req_method = NULL;
@@ -229,6 +230,15 @@ cyassl_connect_step1(struct connectdata *conn,
     break;
   }
 
+  ciphers = SSL_CONN_CONFIG(cipher_list);
+  if(ciphers) {
+    if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) {
+      failf(data, "failed setting cipher list: %s", ciphers);
+      return CURLE_SSL_CIPHER;
+    }
+    infof(data, "Cipher selection: %s\n", ciphers);
+  }
+
 #ifndef NO_FILESYSTEM
   /* load trusted cacert */
   if(SSL_CONN_CONFIG(CAfile)) {

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 34/173: COPYING: update the generic copyright year range, (continued)
- [GNUnet-SVN] [gnurl] 34/173: COPYING: update the generic copyright year range, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 94/173: TODO: remove "Support TLS v1.3", gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 100/173: docs: proofread README.netware README.win32, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 128/173: cmdline-opts/page-footer: ftp.sunet.se is no longer an FTP mirror, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 47/173: gnutls: check for alpn and ocsp in configure, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 82/173: sws: use SOCKERRNO, not errno, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 60/173: write-out.d: 'time_total' is not always shown with ms precision, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 63/173: THANKS-filter: Jiri Malak, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 56/173: CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 120/173: polarssl, mbedtls: Fix detection of pending data, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list, gnunet <=
- [GNUnet-SVN] [gnurl] 81/173: KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 85/173: vtls: fix PolarSSL non-blocking handling, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 80/173: *.rc: escape non-ASCII/non-UTF-8 character for clarity, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 64/173: addrinfo: fix compiler warning on offsetof() use, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 51/173: url: Refactor detect_proxy(), gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 50/173: url: Fix NO_PROXY env var to work properly with --proxy option., gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 68/173: TODO: send only part of --data, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 61/173: unix_socket: add support for abstract unix domain socket, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 92/173: telnet: fix windows compiler warnings, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 84/173: vtls: fix mbedtls multi non blocking handshake., gnunet, 2017/02/24

Prev by Date: [GNUnet-SVN] [gnurl] 120/173: polarssl, mbedtls: Fix detection of pending data
Next by Date: [GNUnet-SVN] [gnurl] 81/173: KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
Previous by thread: [GNUnet-SVN] [gnurl] 120/173: polarssl, mbedtls: Fix detection of pending data
Next by thread: [GNUnet-SVN] [gnurl] 81/173: KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
Index(es):
- Date
- Thread