[Mod_nss-list] NSS cipher list in CURLOPT_SSL_CIPHER_LIST
Oliver Graute
oliver.graute at gmail.com
Tue May 17 12:45:50 UTC 2016
Hello,
I found a miss match in the documentation of ciphers for curl and
modnss. I'm not sure who is wrong here or if its simple lack in
documentation of ciphersuites. So I cross post it.
I followed the curl doc "CURLOPT_SSL_CIPHER_LIST" explained here
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
and then I followed this hint:
For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5', ´rsa_aes_128_sha´, etc.
With NSS you don't add/remove ciphers. If one uses this option then all known ciphers are
disabled and only those passed in are enabled.
You'll find more details about the NSS cipher lists on this URL:
http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives
So if I'm using the ciphers in curl like specified there:
<li>ecdhe_ecdsa_aes_128_sha_256</li>
so here is no gcm and cbc mentioned.
in curl I got:
Unknown cipher in list: ecdhe_ecdsa_aes_128_sha_256
with gcm or with cbc in the cipher string it is working fine:
ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_ecdsa_aes_128_cbc_sha_256
But this to nowhere specified.
Is this a wrong documentation or is this inaccurate in curl or nss?
Best regards,
Oliver
More information about the Mod_nss-list
mailing list