On 4/15/2020 6:36 PM, Mark Windshield via curl-library wrote:
I'm trying to not send TLS 1.3 Ciphers when making a request through
libcurl (but have the option to set them), I tried compiling openssl
with 'define TLS_DEFAULT_CIPHERSUITES " " ' instead of it containing
the three "default" ciphers, but when replacing openssl and using
liubcurl with that compiled version of openssl it'd always throw a SSL
Connect error unless I set at least one TLS1.3 Cipher via.
CURLOPT_TLS13_CIPHERS.
What worked was compiling openssl with "-no-tls1_3", but then I was
obviously not able to set TLS1.3 Ciphers at all anymore.
I didn't find anything on the matter so I was wondering if and then
how it is possible to not send any TLS13_Ciphers, while still being
able to set them via CURLTOP_TLS13_Cipher when needed?
Set the maximum TLS version to 1.2 by using --tls-max 1.2, don't mess
with the ciphersuites. For example get the headers from www.test.com
using only TLS 1.2:
curl -I --tlsv1.2 --tls-max 1.2 https://www.test.com
[1]: https://curl.haxx.se/docs/manpage.html#--tls-max
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
