mirror of
https://github.com/cmclark00/retro-imager.git
synced 2025-05-18 16:05:21 +01:00
deps: Add modified curl-8.8.0
Add a modified version of curl-8.8.0, where the modifications are primarily centred around the CMake infrastructure to make the library more consumable as a vendored dependency.
This commit is contained in:
Tom Dewey
Tom Dewey
parent
b1043a3601
commit
593abb7981
3823 changed files with 671347 additions and 0 deletions
433
src/dependencies/curl-8.8.0/docs/CIPHERS.md
Normal file
433
src/dependencies/curl-8.8.0/docs/CIPHERS.md
Normal file
|
|
@ -0,0 +1,433 @@
|
|||
<!--
|
||||
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
|
||||
SPDX-License-Identifier: curl
|
||||
-->
|
||||
|
||||
# Ciphers
|
||||
|
||||
With curl's options
|
||||
[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html)
|
||||
and
|
||||
[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers)
|
||||
users can control which ciphers to consider when negotiating TLS connections.
|
||||
|
||||
TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+, and since
|
||||
curl 7.85 for Schannel with options
|
||||
[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html)
|
||||
and
|
||||
[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers)
|
||||
. If you are using a different SSL backend you can try setting TLS 1.3 cipher
|
||||
suites by using the respective regular cipher option.
|
||||
|
||||
The names of the known ciphers differ depending on which TLS backend that
|
||||
libcurl was built to use. This is an attempt to list known cipher names.
|
||||
|
||||
## OpenSSL
|
||||
|
||||
(based on [OpenSSL docs](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html))
|
||||
|
||||
When specifying multiple cipher names, separate them with colon (`:`).
|
||||
|
||||
### SSL3 cipher suites
|
||||
|
||||
`NULL-MD5`
|
||||
`NULL-SHA`
|
||||
`RC4-MD5`
|
||||
`RC4-SHA`
|
||||
`IDEA-CBC-SHA`
|
||||
`DES-CBC3-SHA`
|
||||
`DH-DSS-DES-CBC3-SHA`
|
||||
`DH-RSA-DES-CBC3-SHA`
|
||||
`DHE-DSS-DES-CBC3-SHA`
|
||||
`DHE-RSA-DES-CBC3-SHA`
|
||||
`ADH-RC4-MD5`
|
||||
`ADH-DES-CBC3-SHA`
|
||||
|
||||
### TLS v1.0 cipher suites
|
||||
|
||||
`NULL-MD5`
|
||||
`NULL-SHA`
|
||||
`RC4-MD5`
|
||||
`RC4-SHA`
|
||||
`IDEA-CBC-SHA`
|
||||
`DES-CBC3-SHA`
|
||||
`DHE-DSS-DES-CBC3-SHA`
|
||||
`DHE-RSA-DES-CBC3-SHA`
|
||||
`ADH-RC4-MD5`
|
||||
`ADH-DES-CBC3-SHA`
|
||||
|
||||
### AES cipher suites from RFC 3268, extending TLS v1.0
|
||||
|
||||
`AES128-SHA`
|
||||
`AES256-SHA`
|
||||
`DH-DSS-AES128-SHA`
|
||||
`DH-DSS-AES256-SHA`
|
||||
`DH-RSA-AES128-SHA`
|
||||
`DH-RSA-AES256-SHA`
|
||||
`DHE-DSS-AES128-SHA`
|
||||
`DHE-DSS-AES256-SHA`
|
||||
`DHE-RSA-AES128-SHA`
|
||||
`DHE-RSA-AES256-SHA`
|
||||
`ADH-AES128-SHA`
|
||||
`ADH-AES256-SHA`
|
||||
|
||||
### SEED cipher suites from RFC 4162, extending TLS v1.0
|
||||
|
||||
`SEED-SHA`
|
||||
`DH-DSS-SEED-SHA`
|
||||
`DH-RSA-SEED-SHA`
|
||||
`DHE-DSS-SEED-SHA`
|
||||
`DHE-RSA-SEED-SHA`
|
||||
`ADH-SEED-SHA`
|
||||
|
||||
### GOST cipher suites, extending TLS v1.0
|
||||
|
||||
`GOST94-GOST89-GOST89`
|
||||
`GOST2001-GOST89-GOST89`
|
||||
`GOST94-NULL-GOST94`
|
||||
`GOST2001-NULL-GOST94`
|
||||
|
||||
### Elliptic curve cipher suites
|
||||
|
||||
`ECDHE-RSA-NULL-SHA`
|
||||
`ECDHE-RSA-RC4-SHA`
|
||||
`ECDHE-RSA-DES-CBC3-SHA`
|
||||
`ECDHE-RSA-AES128-SHA`
|
||||
`ECDHE-RSA-AES256-SHA`
|
||||
`ECDHE-ECDSA-NULL-SHA`
|
||||
`ECDHE-ECDSA-RC4-SHA`
|
||||
`ECDHE-ECDSA-DES-CBC3-SHA`
|
||||
`ECDHE-ECDSA-AES128-SHA`
|
||||
`ECDHE-ECDSA-AES256-SHA`
|
||||
`AECDH-NULL-SHA`
|
||||
`AECDH-RC4-SHA`
|
||||
`AECDH-DES-CBC3-SHA`
|
||||
`AECDH-AES128-SHA`
|
||||
`AECDH-AES256-SHA`
|
||||
|
||||
### TLS v1.2 cipher suites
|
||||
|
||||
`NULL-SHA256`
|
||||
`AES128-SHA256`
|
||||
`AES256-SHA256`
|
||||
`AES128-GCM-SHA256`
|
||||
`AES256-GCM-SHA384`
|
||||
`DH-RSA-AES128-SHA256`
|
||||
`DH-RSA-AES256-SHA256`
|
||||
`DH-RSA-AES128-GCM-SHA256`
|
||||
`DH-RSA-AES256-GCM-SHA384`
|
||||
`DH-DSS-AES128-SHA256`
|
||||
`DH-DSS-AES256-SHA256`
|
||||
`DH-DSS-AES128-GCM-SHA256`
|
||||
`DH-DSS-AES256-GCM-SHA384`
|
||||
`DHE-RSA-AES128-SHA256`
|
||||
`DHE-RSA-AES256-SHA256`
|
||||
`DHE-RSA-AES128-GCM-SHA256`
|
||||
`DHE-RSA-AES256-GCM-SHA384`
|
||||
`DHE-DSS-AES128-SHA256`
|
||||
`DHE-DSS-AES256-SHA256`
|
||||
`DHE-DSS-AES128-GCM-SHA256`
|
||||
`DHE-DSS-AES256-GCM-SHA384`
|
||||
`ECDHE-RSA-AES128-SHA256`
|
||||
`ECDHE-RSA-AES256-SHA384`
|
||||
`ECDHE-RSA-AES128-GCM-SHA256`
|
||||
`ECDHE-RSA-AES256-GCM-SHA384`
|
||||
`ECDHE-ECDSA-AES128-SHA256`
|
||||
`ECDHE-ECDSA-AES256-SHA384`
|
||||
`ECDHE-ECDSA-AES128-GCM-SHA256`
|
||||
`ECDHE-ECDSA-AES256-GCM-SHA384`
|
||||
`ADH-AES128-SHA256`
|
||||
`ADH-AES256-SHA256`
|
||||
`ADH-AES128-GCM-SHA256`
|
||||
`ADH-AES256-GCM-SHA384`
|
||||
`AES128-CCM`
|
||||
`AES256-CCM`
|
||||
`DHE-RSA-AES128-CCM`
|
||||
`DHE-RSA-AES256-CCM`
|
||||
`AES128-CCM8`
|
||||
`AES256-CCM8`
|
||||
`DHE-RSA-AES128-CCM8`
|
||||
`DHE-RSA-AES256-CCM8`
|
||||
`ECDHE-ECDSA-AES128-CCM`
|
||||
`ECDHE-ECDSA-AES256-CCM`
|
||||
`ECDHE-ECDSA-AES128-CCM8`
|
||||
`ECDHE-ECDSA-AES256-CCM8`
|
||||
|
||||
### Camellia HMAC-Based cipher suites from RFC 6367, extending TLS v1.2
|
||||
|
||||
`ECDHE-ECDSA-CAMELLIA128-SHA256`
|
||||
`ECDHE-ECDSA-CAMELLIA256-SHA384`
|
||||
`ECDHE-RSA-CAMELLIA128-SHA256`
|
||||
`ECDHE-RSA-CAMELLIA256-SHA384`
|
||||
|
||||
### TLS 1.3 cipher suites
|
||||
|
||||
(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`)
|
||||
|
||||
`TLS_AES_256_GCM_SHA384`
|
||||
`TLS_CHACHA20_POLY1305_SHA256`
|
||||
`TLS_AES_128_GCM_SHA256`
|
||||
`TLS_AES_128_CCM_8_SHA256`
|
||||
`TLS_AES_128_CCM_SHA256`
|
||||
|
||||
## WolfSSL
|
||||
|
||||
`RC4-SHA`,
|
||||
`RC4-MD5`,
|
||||
`DES-CBC3-SHA`,
|
||||
`AES128-SHA`,
|
||||
`AES256-SHA`,
|
||||
`NULL-SHA`,
|
||||
`NULL-SHA256`,
|
||||
`DHE-RSA-AES128-SHA`,
|
||||
`DHE-RSA-AES256-SHA`,
|
||||
`DHE-PSK-AES256-GCM-SHA384`,
|
||||
`DHE-PSK-AES128-GCM-SHA256`,
|
||||
`PSK-AES256-GCM-SHA384`,
|
||||
`PSK-AES128-GCM-SHA256`,
|
||||
`DHE-PSK-AES256-CBC-SHA384`,
|
||||
`DHE-PSK-AES128-CBC-SHA256`,
|
||||
`PSK-AES256-CBC-SHA384`,
|
||||
`PSK-AES128-CBC-SHA256`,
|
||||
`PSK-AES128-CBC-SHA`,
|
||||
`PSK-AES256-CBC-SHA`,
|
||||
`DHE-PSK-AES128-CCM`,
|
||||
`DHE-PSK-AES256-CCM`,
|
||||
`PSK-AES128-CCM`,
|
||||
`PSK-AES256-CCM`,
|
||||
`PSK-AES128-CCM-8`,
|
||||
`PSK-AES256-CCM-8`,
|
||||
`DHE-PSK-NULL-SHA384`,
|
||||
`DHE-PSK-NULL-SHA256`,
|
||||
`PSK-NULL-SHA384`,
|
||||
`PSK-NULL-SHA256`,
|
||||
`PSK-NULL-SHA`,
|
||||
`HC128-MD5`,
|
||||
`HC128-SHA`,
|
||||
`HC128-B2B256`,
|
||||
`AES128-B2B256`,
|
||||
`AES256-B2B256`,
|
||||
`RABBIT-SHA`,
|
||||
`NTRU-RC4-SHA`,
|
||||
`NTRU-DES-CBC3-SHA`,
|
||||
`NTRU-AES128-SHA`,
|
||||
`NTRU-AES256-SHA`,
|
||||
`AES128-CCM-8`,
|
||||
`AES256-CCM-8`,
|
||||
`ECDHE-ECDSA-AES128-CCM`,
|
||||
`ECDHE-ECDSA-AES128-CCM-8`,
|
||||
`ECDHE-ECDSA-AES256-CCM-8`,
|
||||
`ECDHE-RSA-AES128-SHA`,
|
||||
`ECDHE-RSA-AES256-SHA`,
|
||||
`ECDHE-ECDSA-AES128-SHA`,
|
||||
`ECDHE-ECDSA-AES256-SHA`,
|
||||
`ECDHE-RSA-RC4-SHA`,
|
||||
`ECDHE-RSA-DES-CBC3-SHA`,
|
||||
`ECDHE-ECDSA-RC4-SHA`,
|
||||
`ECDHE-ECDSA-DES-CBC3-SHA`,
|
||||
`AES128-SHA256`,
|
||||
`AES256-SHA256`,
|
||||
`DHE-RSA-AES128-SHA256`,
|
||||
`DHE-RSA-AES256-SHA256`,
|
||||
`ECDH-RSA-AES128-SHA`,
|
||||
`ECDH-RSA-AES256-SHA`,
|
||||
`ECDH-ECDSA-AES128-SHA`,
|
||||
`ECDH-ECDSA-AES256-SHA`,
|
||||
`ECDH-RSA-RC4-SHA`,
|
||||
`ECDH-RSA-DES-CBC3-SHA`,
|
||||
`ECDH-ECDSA-RC4-SHA`,
|
||||
`ECDH-ECDSA-DES-CBC3-SHA`,
|
||||
`AES128-GCM-SHA256`,
|
||||
`AES256-GCM-SHA384`,
|
||||
`DHE-RSA-AES128-GCM-SHA256`,
|
||||
`DHE-RSA-AES256-GCM-SHA384`,
|
||||
`ECDHE-RSA-AES128-GCM-SHA256`,
|
||||
`ECDHE-RSA-AES256-GCM-SHA384`,
|
||||
`ECDHE-ECDSA-AES128-GCM-SHA256`,
|
||||
`ECDHE-ECDSA-AES256-GCM-SHA384`,
|
||||
`ECDH-RSA-AES128-GCM-SHA256`,
|
||||
`ECDH-RSA-AES256-GCM-SHA384`,
|
||||
`ECDH-ECDSA-AES128-GCM-SHA256`,
|
||||
`ECDH-ECDSA-AES256-GCM-SHA384`,
|
||||
`CAMELLIA128-SHA`,
|
||||
`DHE-RSA-CAMELLIA128-SHA`,
|
||||
`CAMELLIA256-SHA`,
|
||||
`DHE-RSA-CAMELLIA256-SHA`,
|
||||
`CAMELLIA128-SHA256`,
|
||||
`DHE-RSA-CAMELLIA128-SHA256`,
|
||||
`CAMELLIA256-SHA256`,
|
||||
`DHE-RSA-CAMELLIA256-SHA256`,
|
||||
`ECDHE-RSA-AES128-SHA256`,
|
||||
`ECDHE-ECDSA-AES128-SHA256`,
|
||||
`ECDH-RSA-AES128-SHA256`,
|
||||
`ECDH-ECDSA-AES128-SHA256`,
|
||||
`ECDHE-RSA-AES256-SHA384`,
|
||||
`ECDHE-ECDSA-AES256-SHA384`,
|
||||
`ECDH-RSA-AES256-SHA384`,
|
||||
`ECDH-ECDSA-AES256-SHA384`,
|
||||
`ECDHE-RSA-CHACHA20-POLY1305`,
|
||||
`ECDHE-ECDSA-CHACHA20-POLY1305`,
|
||||
`DHE-RSA-CHACHA20-POLY1305`,
|
||||
`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
|
||||
`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
|
||||
`DHE-RSA-CHACHA20-POLY1305-OLD`,
|
||||
`ADH-AES128-SHA`,
|
||||
`QSH`,
|
||||
`RENEGOTIATION-INFO`,
|
||||
`IDEA-CBC-SHA`,
|
||||
`ECDHE-ECDSA-NULL-SHA`,
|
||||
`ECDHE-PSK-NULL-SHA256`,
|
||||
`ECDHE-PSK-AES128-CBC-SHA256`,
|
||||
`PSK-CHACHA20-POLY1305`,
|
||||
`ECDHE-PSK-CHACHA20-POLY1305`,
|
||||
`DHE-PSK-CHACHA20-POLY1305`,
|
||||
`EDH-RSA-DES-CBC3-SHA`,
|
||||
|
||||
## Schannel
|
||||
|
||||
Schannel allows the enabling and disabling of encryption algorithms, but not
|
||||
specific cipher suites, prior to TLS 1.3. The algorithms are
|
||||
[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by
|
||||
Microsoft.
|
||||
|
||||
The algorithms below are for TLS 1.2 and earlier. TLS 1.3 is covered in the
|
||||
next section.
|
||||
|
||||
There is also the case that the selected algorithm is not supported by the
|
||||
protocol or does not match the ciphers offered by the server during the SSL
|
||||
negotiation. In this case curl returns error
|
||||
`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH`
|
||||
and the request fails.
|
||||
|
||||
`CALG_MD2`,
|
||||
`CALG_MD4`,
|
||||
`CALG_MD5`,
|
||||
`CALG_SHA`,
|
||||
`CALG_SHA1`,
|
||||
`CALG_MAC`,
|
||||
`CALG_RSA_SIGN`,
|
||||
`CALG_DSS_SIGN`,
|
||||
`CALG_NO_SIGN`,
|
||||
`CALG_RSA_KEYX`,
|
||||
`CALG_DES`,
|
||||
`CALG_3DES_112`,
|
||||
`CALG_3DES`,
|
||||
`CALG_DESX`,
|
||||
`CALG_RC2`,
|
||||
`CALG_RC4`,
|
||||
`CALG_SEAL`,
|
||||
`CALG_DH_SF`,
|
||||
`CALG_DH_EPHEM`,
|
||||
`CALG_AGREEDKEY_ANY`,
|
||||
`CALG_HUGHES_MD5`,
|
||||
`CALG_SKIPJACK`,
|
||||
`CALG_TEK`,
|
||||
`CALG_CYLINK_MEK`,
|
||||
`CALG_SSL3_SHAMD5`,
|
||||
`CALG_SSL3_MASTER`,
|
||||
`CALG_SCHANNEL_MASTER_HASH`,
|
||||
`CALG_SCHANNEL_MAC_KEY`,
|
||||
`CALG_SCHANNEL_ENC_KEY`,
|
||||
`CALG_PCT1_MASTER`,
|
||||
`CALG_SSL2_MASTER`,
|
||||
`CALG_TLS1_MASTER`,
|
||||
`CALG_RC5`,
|
||||
`CALG_HMAC`,
|
||||
`CALG_TLS1PRF`,
|
||||
`CALG_HASH_REPLACE_OWF`,
|
||||
`CALG_AES_128`,
|
||||
`CALG_AES_192`,
|
||||
`CALG_AES_256`,
|
||||
`CALG_AES`,
|
||||
`CALG_SHA_256`,
|
||||
`CALG_SHA_384`,
|
||||
`CALG_SHA_512`,
|
||||
`CALG_ECDH`,
|
||||
`CALG_ECMQV`,
|
||||
`CALG_ECDSA`,
|
||||
`CALG_ECDH_EPHEM`,
|
||||
|
||||
As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name
|
||||
to [constrain the set of available ciphers as specified in the Schannel
|
||||
documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022).
|
||||
Note that the supported ciphers in this case follow the OS version, so if you
|
||||
are running an outdated OS you might still be supporting weak ciphers.
|
||||
|
||||
### TLS 1.3 cipher suites
|
||||
|
||||
You can set TLS 1.3 ciphers for Schannel by using `CURLOPT_TLS13_CIPHERS` or
|
||||
`--tls13-ciphers` with the names below.
|
||||
|
||||
If TLS 1.3 cipher suites are set then libcurl adds or restricts Schannel TLS
|
||||
1.3 algorithms automatically. Essentially, libcurl is emulating support for
|
||||
individual TLS 1.3 cipher suites since Schannel does not support it directly.
|
||||
|
||||
`TLS_AES_256_GCM_SHA384`
|
||||
`TLS_AES_128_GCM_SHA256`
|
||||
`TLS_CHACHA20_POLY1305_SHA256`
|
||||
`TLS_AES_128_CCM_8_SHA256`
|
||||
`TLS_AES_128_CCM_SHA256`
|
||||
|
||||
Note if you set TLS 1.3 ciphers without also setting the minimum TLS version
|
||||
to 1.3 then it is possible Schannel may negotiate an earlier TLS version and
|
||||
cipher suite if your libcurl and OS settings allow it. You can set the minimum
|
||||
TLS version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`.
|
||||
|
||||
## BearSSL
|
||||
|
||||
BearSSL ciphers can be specified by either the OpenSSL name (`ECDHE-RSA-AES128-GCM-SHA256`) or the IANA name (`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`).
|
||||
|
||||
Since BearSSL 0.1:
|
||||
|
||||
`DES-CBC3-SHA`
|
||||
`AES128-SHA`
|
||||
`AES256-SHA`
|
||||
`AES128-SHA256`
|
||||
`AES256-SHA256`
|
||||
`AES128-GCM-SHA256`
|
||||
`AES256-GCM-SHA384`
|
||||
`ECDH-ECDSA-DES-CBC3-SHA`
|
||||
`ECDH-ECDSA-AES128-SHA`
|
||||
`ECDH-ECDSA-AES256-SHA`
|
||||
`ECDHE-ECDSA-DES-CBC3-SHA`
|
||||
`ECDHE-ECDSA-AES128-SHA`
|
||||
`ECDHE-ECDSA-AES256-SHA`
|
||||
`ECDH-RSA-DES-CBC3-SHA`
|
||||
`ECDH-RSA-AES128-SHA`
|
||||
`ECDH-RSA-AES256-SHA`
|
||||
`ECDHE-RSA-DES-CBC3-SHA`
|
||||
`ECDHE-RSA-AES128-SHA`
|
||||
`ECDHE-RSA-AES256-SHA`
|
||||
`ECDHE-ECDSA-AES128-SHA256`
|
||||
`ECDHE-ECDSA-AES256-SHA384`
|
||||
`ECDH-ECDSA-AES128-SHA256`
|
||||
`ECDH-ECDSA-AES256-SHA384`
|
||||
`ECDHE-RSA-AES128-SHA256`
|
||||
`ECDHE-RSA-AES256-SHA384`
|
||||
`ECDH-RSA-AES128-SHA256`
|
||||
`ECDH-RSA-AES256-SHA384`
|
||||
`ECDHE-ECDSA-AES128-GCM-SHA256`
|
||||
`ECDHE-ECDSA-AES256-GCM-SHA384`
|
||||
`ECDH-ECDSA-AES128-GCM-SHA256`
|
||||
`ECDH-ECDSA-AES256-GCM-SHA384`
|
||||
`ECDHE-RSA-AES128-GCM-SHA256`
|
||||
`ECDHE-RSA-AES256-GCM-SHA384`
|
||||
`ECDH-RSA-AES128-GCM-SHA256`
|
||||
`ECDH-RSA-AES256-GCM-SHA384`
|
||||
|
||||
Since BearSSL 0.2:
|
||||
|
||||
`ECDHE-RSA-CHACHA20-POLY1305`
|
||||
`ECDHE-ECDSA-CHACHA20-POLY1305`
|
||||
|
||||
Since BearSSL 0.6:
|
||||
|
||||
`AES128-CCM`
|
||||
`AES256-CCM`
|
||||
`AES128-CCM8`
|
||||
`AES256-CCM8`
|
||||
`ECDHE-ECDSA-AES128-CCM`
|
||||
`ECDHE-ECDSA-AES256-CCM`
|
||||
`ECDHE-ECDSA-AES128-CCM8`
|
||||
`ECDHE-ECDSA-AES256-CCM8`
|
||||
Loading…
Add table
Add a link
Reference in a new issue