* [PATCH v3] Allow use of TLS 1.3
@ 2018-03-26 9:24 Loganaden Velvindron
2018-03-26 21:38 ` Johannes Schindelin
0 siblings, 1 reply; 3+ messages in thread
From: Loganaden Velvindron @ 2018-03-26 9:24 UTC (permalink / raw)
To: git
Add a tlsv1.3 option to http.sslVersion in addition to the existing
tlsv1.[012] options. libcurl has supported this since 7.52.0.
Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
---
Documentation/config.txt | 1 +
http.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index ce9102cea..f31d62772 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1957,6 +1957,7 @@ http.sslVersion::
- tlsv1.0
- tlsv1.1
- tlsv1.2
+ - tlsv1.3
+
Can be overridden by the `GIT_SSL_VERSION` environment variable.
diff --git a/http.c b/http.c
index a5bd5d62c..f84b18551 100644
--- a/http.c
+++ b/http.c
@@ -62,6 +62,9 @@ static struct {
{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
#endif
+#if LIBCURL_VERSION_NUM >= 0x073400
+ { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
+#endif
};
#if LIBCURL_VERSION_NUM >= 0x070903
static const char *ssl_key;
--
2.16.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v3] Allow use of TLS 1.3
2018-03-26 9:24 [PATCH v3] Allow use of TLS 1.3 Loganaden Velvindron
@ 2018-03-26 21:38 ` Johannes Schindelin
2018-03-26 21:46 ` Daniel Stenberg
0 siblings, 1 reply; 3+ messages in thread
From: Johannes Schindelin @ 2018-03-26 21:38 UTC (permalink / raw)
To: Loganaden Velvindron; +Cc: git
Hi Logan,
On Mon, 26 Mar 2018, Loganaden Velvindron wrote:
> Add a tlsv1.3 option to http.sslVersion in addition to the existing
> tlsv1.[012] options. libcurl has supported this since 7.52.0.
>
> Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
Can we *please* also add that OpenSSL 1.1.* is required (or that cURL is
built with NSS or BoringSSL as the TLS backend)?
See
https://public-inbox.org/git/nycvar.QRO.7.76.6.1803240035300.77@ZVAVAG-6OXH6DA.rhebcr.pbec.zvpebfbsg.pbz/
for my original please.
I deem this information *really* important because a lot of Git packages
are still built against OpenSSL 1.0.2 (e.g. Git for Windows) and *won't*
benefit immediately from your patch.
Ciao,
Johannes
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v3] Allow use of TLS 1.3
2018-03-26 21:38 ` Johannes Schindelin
@ 2018-03-26 21:46 ` Daniel Stenberg
0 siblings, 0 replies; 3+ messages in thread
From: Daniel Stenberg @ 2018-03-26 21:46 UTC (permalink / raw)
To: Johannes Schindelin; +Cc: Loganaden Velvindron, git
On Mon, 26 Mar 2018, Johannes Schindelin wrote:
> Can we *please* also add that OpenSSL 1.1.* is required (or that cURL is
> built with NSS or BoringSSL as the TLS backend)?
We might consider adding a way to extract that info from curl to make that
work really good for you. There are now six TLS libraries that support TLS 1.3
and it might be hard for git to figure out the exact situation for each
library and keep track of these moving targets...
--
/ daniel.haxx.se
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-26 21:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-26 9:24 [PATCH v3] Allow use of TLS 1.3 Loganaden Velvindron
2018-03-26 21:38 ` Johannes Schindelin
2018-03-26 21:46 ` Daniel Stenberg
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).