Hello, I found a miss match in the documentation of ciphers for curl and modnss. I'm not sure who is wrong here or if its simple lack in documentation of ciphersuites. So I cross post it.
I followed the curl doc "CURLOPT_SSL_CIPHER_LIST" explained here https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html and then I followed this hint: For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5', ´rsa_aes_128_sha´, etc. With NSS you don't add/remove ciphers. If one uses this option then all known ciphers are disabled and only those passed in are enabled. You'll find more details about the NSS cipher lists on this URL: http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives So if I'm using the ciphers in curl like specified there: <li>ecdhe_ecdsa_aes_128_sha_256</li> so here is no gcm and cbc mentioned. in curl I got: Unknown cipher in list: ecdhe_ecdsa_aes_128_sha_256 with gcm or with cbc in the cipher string it is working fine: ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_ecdsa_aes_128_cbc_sha_256 But this to nowhere specified. Is this a wrong documentation or is this inaccurate in curl or nss? Best regards, Oliver ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
