mirror of
https://codeberg.org/kiss-community/repo
synced 2024-09-11 23:30:13 +00:00
65 lines
2.1 KiB
Groff
65 lines
2.1 KiB
Groff
|
.\" generated by cd2nroff 0.1 from CURLOPT_ECH.md
|
||
|
.TH CURLOPT_ECH 3 "2024-06-01" libcurl
|
||
|
.SH NAME
|
||
|
CURLOPT_ECH \- configuration for Encrypted Client Hello
|
||
|
.SH SYNOPSIS
|
||
|
.nf
|
||
|
#include <curl/curl.h>
|
||
|
|
||
|
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ECH, char *config);
|
||
|
.fi
|
||
|
.SH DESCRIPTION
|
||
|
ECH is only compatible with TLSv1.3.
|
||
|
|
||
|
This experimental feature requires a special build of OpenSSL, as ECH is not
|
||
|
yet supported in OpenSSL releases. In contrast ECH is supported by the latest
|
||
|
BoringSSL and wolfSSL releases.
|
||
|
|
||
|
There is also a known issue with using wolfSSL which does not support ECH when
|
||
|
the HelloRetryRequest mechanism is used.
|
||
|
|
||
|
Pass a string that specifies configuration details for ECH. In all cases, if
|
||
|
ECH is attempted, it may fail for various reasons. The keywords supported are:
|
||
|
.IP false
|
||
|
Turns off ECH.
|
||
|
.IP grease
|
||
|
Instructs client to emit a GREASE ECH extension. (The connection fails if ECH
|
||
|
is attempted but fails.)
|
||
|
.IP true
|
||
|
Instructs client to attempt ECH, if possible, but to not fail if attempting
|
||
|
ECH is not possible.
|
||
|
.IP hard
|
||
|
Instructs client to attempt ECH and fail if if attempting ECH is not possible.
|
||
|
.IP ecl:\<base64-value\>
|
||
|
If the string starts with \fIecl:\fP then the remainder of the string should be a
|
||
|
base64\-encoded ECHConfigList that is used for ECH rather than attempting to
|
||
|
download such a value from the DNS.
|
||
|
.IP pn:\<name\>
|
||
|
If the string starts with \fIpn:\fP then the remainder of the string should be a
|
||
|
DNS/hostname that is used to over\-ride the public_name field of the
|
||
|
ECHConfigList that is used for ECH.
|
||
|
.SH DEFAULT
|
||
|
NULL, meaning ECH is disabled.
|
||
|
.SH PROTOCOLS
|
||
|
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
|
||
|
|
||
|
This option works only with the following TLS backends:
|
||
|
OpenSSL and wolfSSL
|
||
|
.SH EXAMPLE
|
||
|
.nf
|
||
|
CURL *curl = curl_easy_init();
|
||
|
|
||
|
const char *config ="ecl:AED+DQA87wAgACB/RuzUCsW3uBbSFI7mzD63TUXpI8sGDTnFTbFCDpa+CAAEAAEAAQANY292ZXIuZGVmby5pZQAA";
|
||
|
if(curl) {
|
||
|
curl_easy_setopt(curl, CURLOPT_ECH, config);
|
||
|
curl_easy_perform(curl);
|
||
|
}
|
||
|
.fi
|
||
|
.SH AVAILABILITY
|
||
|
Added in 8.8.0
|
||
|
.SH RETURN VALUE
|
||
|
Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient
|
||
|
heap space.
|
||
|
.SH SEE ALSO
|
||
|
.BR CURLOPT_DOH_URL (3)
|