On Mon, 12 Dec 2022, Jeffrey Walton via curl-library wrote:

I'm not sure this is a good example of CURLOPT_SSL_CIPHER_LIST. The example uses "TLSv1", which is probably a better example for CURLOPT_SSLVERSION.

I agree that it is not the best example.

       "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";

I'm however not convined this is the perfect replacement. This is a highly OpenSSL specific line and it doesn't mention a single cipher.

For the man page, would it not make more sense to specify a cipher or two in a list? Like maybe:

 "ECDHE-ECDSA-AES128-SHA256:AES256-SHA256"

This does not imply that we think anyone should actually set this specific string.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to