Lines Matching +full:- +full:- +full:with +full:- +full:schannel

1 <!--
4 SPDX-License-Identifier: curl
5 -->
9 With curl's option
10 [`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers)
14 connections. With option
15 [`--ciphers`](https://curl.se/docs/manpage.html#--ciphers)
25 using [`--tlsv1.3`](https://curl.se/docs/manpage.html#--tlsv13)
27 with `CURL_SSLVERSION_TLSv1_3`.
43 Setting TLS 1.3 cipher suites is supported by curl with
47 The list of cipher suites that can be used for the `--tls13-ciphers` option:
65 Setting TLS 1.2 cipher suites is supported by curl with OpenSSL, LibreSSL,
67 Secure Transport (curl 7.77.0+) and BearSSL (curl 7.83.0+). Schannel does not
69 (curl 7.61.0+), see Schannel notes below.
72 are with OpenSSL names (e.g. `ECDHE-RSA-AES128-GCM-SHA256`) and IANA names
76 TLS 1.2 cipher suites with curl it is recommended that you use OpenSSL names
79 The complete list of cipher suites that may be considered for the `--ciphers`
88 `--ciphers` option:
90 ECDHE-ECDSA-AES128-GCM-SHA256
91 ECDHE-RSA-AES128-GCM-SHA256
92 ECDHE-ECDSA-AES256-GCM-SHA384
93 ECDHE-RSA-AES256-GCM-SHA384
94 ECDHE-ECDSA-CHACHA20-POLY1305
95 ECDHE-RSA-CHACHA20-POLY1305
96 DHE-RSA-AES128-GCM-SHA256
97 DHE-RSA-AES256-GCM-SHA384
98 DHE-RSA-CHACHA20-POLY1305
99 ECDHE-ECDSA-AES128-SHA256
100 ECDHE-RSA-AES128-SHA256
101 ECDHE-ECDSA-AES128-SHA
102 ECDHE-RSA-AES128-SHA
103 ECDHE-ECDSA-AES256-SHA384
104 ECDHE-RSA-AES256-SHA384
105 ECDHE-ECDSA-AES256-SHA
106 ECDHE-RSA-AES256-SHA
107 DHE-RSA-AES128-SHA256
108 DHE-RSA-AES256-SHA256
109 AES128-GCM-SHA256
110 AES256-GCM-SHA384
111 AES128-SHA256
112 AES256-SHA256
113 AES128-SHA
114 AES256-SHA
115 DES-CBC3-SHA
118 See this [list](https://github.com/curl/curl/blob/master/docs/CIPHERS-TLS12.md)
124 format with specific cipher strings (like `TLSv1.2`, `AESGCM`, `CHACHA20`) and
125 `!`, `-` and `+` operators. Refer to the
126 [OpenSSL cipher documentation](https://docs.openssl.org/master/man1/openssl-ciphers/#cipher-list-fo…
129 ### Schannel notes
131 Schannel does not support setting individual TLS 1.2 cipher suites directly.
133 in the form of `CALG_xxx`, see the [Schannel `ALG_ID`
134 documentation](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id)
136 `SCH_USE_STRONG_CRYPTO` can be given to pass that flag to Schannel, lookup the
138 use](https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel)
140 `--chiphers` and `--tl13-ciphers` options curl passes this flag by default.
146   --tls13-ciphers TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 \
147   --ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
148 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 \
151 Restrict ciphers to `aes128-gcm` and `chacha20`. Works with OpenSSL, LibreSSL,
156   --tlsv1.3 \
157   --tls13-ciphers TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 \
160 Restrict to only TLS 1.3 with `aes128-gcm` and `chacha20` ciphers. Works with
161 OpenSSL, LibreSSL, mbedTLS, wolfSSL and Schannel.
165   --ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
166 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 \
169 Restrict TLS 1.2 ciphers to `aes128-gcm` and `chacha20`, use default TLS 1.3
170 ciphers (if TLS 1.3 is available). Works with OpenSSL, LibreSSL, BoringSSL,
174 - [OpenSSL cipher suite names documentation](https://docs.openssl.org/master/man1/openssl-ciphers/#…
175 - [wolfSSL cipher support documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/chap…
176 - [mbedTLS cipher suites reference](https://mbed-tls.readthedocs.io/projects/api/en/development/api…
177 - [Schannel cipher suites documentation](https://learn.microsoft.com/en-us/windows/win32/secauthn/c…
178 - [BearSSL supported crypto](https://www.bearssl.org/support.html)
179 - [Secure Transport cipher suite values](https://developer.apple.com/documentation/security/1550981…
180 - [IANA cipher suites list](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tl…
181 - [Wikipedia cipher suite article](https://en.wikipedia.org/wiki/Cipher_suite)