Feature request: Make TLS Ciphers discoverable

Greetings.

Please find below a feature request for CURL.


Context:

A client application uses curl, and exposes options such as

my_app --tls12 --cipher-list <<PICK_A_CIPHER>>
my_app --tls13 --cipher-suite <<PICK_A_CIPHER>>

from the command line (or from a configuration file).

The cipher-list and cipher-suite options are used to ultimately invoke:
- CURLOPT_SSL_CIPHER_LIST
- CURLOPT_TLS13_CIPHERS

Now, to use the application, an end-user has to actually provide a `known` cipher.

Supported ciphers are documented already:

https://curl.se/docs/ssl-ciphers.html

The problem is that this doc is overwhelming for an end user of my_app,
who would typically not know:

- which version of CURL is used in the build for my_app
- which SSL implementation is used when building the CURL library
- which version of the SSL implementation is used
- which compilation flags are set/unset

Request:

1)

In the command line tool, add an option to enumerate supported ciphers.

See similar features in openssl:
  openssl ciphers -v

2)

In the curl library, add an API to enumerate supported ciphers.

The goal is to use this API in an application,
to implement helpers like

my_app --verbose --help cipher

which can then print the list of ciphers supported by:
- the CURL library and version actually used,
- the SSL library and version actually used,
- listing only ciphers that are compiled in the library.

Keep in mind that my_app could be deployed on a system where curl,
the command line tool, is not available,
so exposing an API in the CURL library is critical here.

Besides, my_app invoking the API in the library will report ciphers for the proper version then (in case of static linking).

Related:

https://unix.stackexchange.com/questions/208412/how-to-see-list-of-curl-ciphers

---

Thanks for your consideration.

Best regards,
-- Marc Alff
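
An added example, not part of the original message or of the curl project: a shell helper that splits `openssl ciphers -v` output into the colon-separated strings that `CURLOPT_TLS13_CIPHERS` and `CURLOPT_SSL_CIPHER_LIST` take with the OpenSSL backend. The function names are hypothetical and the sample rows are constructed. It assumes the `openssl` binary matches the TLS library libcurl was built against, which the message points out cannot be relied on.

```shell
#!/bin/sh
# Added example; sample_ciphers, split_ciphers, list_ciphers are hypothetical names.

# Constructed sample in the layout printed by `openssl ciphers -v`
# (typed for this example, not captured from a real host).
sample_ciphers() {
cat <<'EOF'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD

ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES128-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA1
EOF
}

# split_ciphers MODE   (reads `openssl ciphers -v` text on stdin)
#   tls13  -> colon-separated TLS 1.3 suites   (for CURLOPT_TLS13_CIPHERS)
#   legacy -> colon-separated older ciphers    (for CURLOPT_SSL_CIPHER_LIST)
split_ciphers() {
    case "$1" in
        tls13|legacy) ;;
        *) echo "usage: split_ciphers tls13|legacy" >&2; return 2 ;;
    esac
    awk -v mode="$1" '
        NF < 2 { next }                        # skip blank or malformed rows
        {
            is13 = ($2 == "TLSv1.3")           # column 2 is the protocol version
            if ((mode == "tls13") == is13) {   # keep rows for the requested mode
                out = out sep $1; sep = ":"
            }
        }
        END { print out }
    '
}

# Use the local openssl binary when present, else the constructed sample.
list_ciphers() {
    if command -v openssl >/dev/null 2>&1; then
        openssl ciphers -v
    else
        sample_ciphers
    fi
}

echo "TLS 1.3 suites:  $(list_ciphers | split_ciphers tls13)"
echo "TLS <= 1.2 list: $(list_ciphers | split_ciphers legacy)"
```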
