Etusivu Tutki Apua
Kirjaudu sisään
dream
/
Android_verify
1
1
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: 29346bed58
Haarat Tunnisteet
Android_verify
/
lib
/
curl
/
share
/
man
/
man3
/
CURLOPT_ECH.3

CURLOPT_ECH.3 2.1 KB
Historia Raaka

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. .\" generated by cd2nroff 0.1 from CURLOPT_ECH.md
    2. 

  2. .TH CURLOPT_ECH 3 "2025-01-17" libcurl
    3. 

  3. .SH NAME
    4. 

  4. CURLOPT_ECH \- configuration for Encrypted Client Hello
    5. 

  5. .SH SYNOPSIS
    6. 

  6. .nf
    7. 

  7. #include <curl/curl.h>
    8. 

  8. 

  9. CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ECH, char *config);
    10. 

  10. .fi
    11. 

  11. .SH DESCRIPTION
    12. 

  12. ECH is only compatible with TLSv1.3.
    13. 

  13. 

  14. This experimental feature requires a special build of OpenSSL, as ECH is not
    15. 

  15. yet supported in OpenSSL releases. In contrast ECH is supported by the latest
    16. 

  16. BoringSSL and wolfSSL releases.
    17. 

  17. 

  18. There is also a known issue with using wolfSSL which does not support ECH when
    19. 

  19. the HelloRetryRequest mechanism is used.
    20. 

  20. 

  21. Pass a string that specifies configuration details for ECH. In all cases, if
    22. 

  22. ECH is attempted, it may fail for various reasons. The keywords supported are:
    23. 

  23. .IP false
    24. 

  24. Turns off ECH.
    25. 

  25. .IP grease
    26. 

  26. Instructs client to emit a GREASE ECH extension. (The connection fails if ECH
    27. 

  27. is attempted but fails.)
    28. 

  28. .IP true
    29. 

  29. Instructs client to attempt ECH, if possible, but to not fail if attempting
    30. 

  30. ECH is not possible.
    31. 

  31. .IP hard
    32. 

  32. Instructs client to attempt ECH and fail if attempting ECH is not possible.
    33. 

  33. .IP ecl:\<base64-value\>
    34. 

  34. If the string starts with \fIecl:\fP then the remainder of the string should be a
    35. 

  35. base64\-encoded ECHConfigList that is used for ECH rather than attempting to
    36. 

  36. download such a value from the DNS.
    37. 

  37. .IP pn:\<name\>
    38. 

  38. If the string starts with \fIpn:\fP then the remainder of the string should be a
    39. 

  39. DNS/hostname that is used to over\-ride the public_name field of the
    40. 

  40. ECHConfigList that is used for ECH.
    41. 

  41. .SH DEFAULT
    42. 

  42. NULL, meaning ECH is disabled.
    43. 

  43. .SH PROTOCOLS
    44. 

  44. This functionality affects all TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
    45. 

  45. 

  46. This option works only with the following TLS backends:
    47. 

  47. OpenSSL and wolfSSL
    48. 

  48. .SH EXAMPLE
    49. 

  49. .nf
    50. 

  50. CURL *curl = curl_easy_init();
    51. 

  51. 

  52. const char *config ="ecl:AED+DQA87wAgACB/RuzUCsW3uBbSFI7mzD63TUXpI8sGDTnFTbFCDpa+CAAEAAEAAQANY292ZXIuZGVmby5pZQAA";
    53. 

  53. if(curl) {
    54. 

  54.   curl_easy_setopt(curl, CURLOPT_ECH, config);
    55. 

  55.   curl_easy_perform(curl);
    56. 

  56. }
    57. 

  57. .fi
    58. 

  58. .SH AVAILABILITY
    59. 

  59. Added in curl 8.8.0
    60. 

  60. .SH RETURN VALUE
    61. 

  61. Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient
    62. 

  62. heap space.
    63. 

  63. .SH SEE ALSO
    64. 

  64. .BR CURLOPT_DOH_URL (3)
    65.