authorJohn-Mark Bell <jmb@netsurf-browser.org>2022-11-05 12:34:46 +0000
committerJohn-Mark Bell <jmb@netsurf-browser.org>2022-11-05 12:42:15 +0000
commit53e92ed57b4be2084a39a902c699859a5e10a544 (patch)
treee35b7a8b3ca7541222cbd7952c174faeab8edb78
parent877bc2ce13322e2e8f92dd3c54fea20fe092b3a5 (diff)
fetchers/curl: explicitly configure TLS1.3 ciphersuites
These currently match the defaults, so no functional change.
-rw-r--r--content/fetchers/curl.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index d36f44c09..824b0b318 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -67,7 +67,15 @@
#define UPDATES_PER_SECOND 2
/**
- * The ciphersuites the browser is prepared to use
+ * The ciphersuites the browser is prepared to use for TLS1.3
+ */
+#define CIPHER_SUITES \
+ "TLS_AES_256_GCM_SHA384:" \
+ "TLS_CHACHA20_POLY1305_SHA256:" \
+ "TLS_AES_128_GCM_SHA256"
+
+/**
+ * The ciphersuites the browser is prepared to use for TLS<1.3
*/
#define CIPHER_LIST \
/* disable everything */ \
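Review bot: The doc comment on `CIPHER_SUITES` does not say when the list actually takes effect: it is only handed to `CURLOPT_TLS13_CIPHERS` under the libcurl version guard added in fetch_curl_register, so builds against older libcurl negotiate TLS 1.3 with the TLS library's defaults. That is harmless while the list matches the defaults, but a later tightening would silently not apply on those builds. I would extend the comment with something like `Colon-separated, in preference order; only applied when libcurl >= 7.61.0, otherwise the TLS library defaults are used.` The names `CIPHER_SUITES` and `CIPHER_LIST` are also easy to confuse; a suffix naming the protocol version would make the call sites self-explanatory.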
@@ -1785,6 +1793,10 @@ nserror fetch_curl_register(void)
/* only set the cipher list with openssl otherwise the
* fetch fails with "Unknown cipher in list"
*/
+#if LIBCURL_VERSION_NUM >= 0x073d00
+ /* Need libcurl 7.61.0 or later */
+ SETOPT(CURLOPT_TLS13_CIPHERS, CIPHER_SUITES);
+#endif
SETOPT(CURLOPT_SSL_CIPHER_LIST, CIPHER_LIST);
}
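Review bot: The `#if LIBCURL_VERSION_NUM >= 0x073d00` guard checks the libcurl headers at build time, not whether the TLS backend can accept TLS 1.3 suites at run time; libcurl documents `CURLE_NOT_BUILT_IN` for `CURLOPT_TLS13_CIPHERS` when the backend lacks support (for OpenSSL, anything older than 1.1.1). `SETOPT` is defined outside this hunk, so its handling of a non-OK result is not visible here; if it jumps to a failure path, fetcher registration would fail on such builds rather than falling back to the defaults. Consider tolerating `CURLE_NOT_BUILT_IN` for this one option, or at least stating the requirement in the comment, e.g. `/* Need libcurl 7.61.0 or later, built against OpenSSL 1.1.1+ */`. fetch_curl_register's body starts outside the hunk, so the surrounding backend check is also not visible.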