From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 May 2019 06:01:18 +0000 (+0200)
Subject: tls13-docs: mention it is only for OpenSSL >= 1.1.1
X-Git-Tag: curl-7_65_1~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e590b3ecd2d4c061d8e001b25b869460bbdc560;p=thirdparty%2Fcurl.git

tls13-docs: mention it is only for OpenSSL >= 1.1.1

Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
---

diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 5c0fffea9d..5b2dde1898 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -6,11 +6,12 @@ and
 [`--ciphers`](https://curl.haxx.se/docs/manpage.html#--ciphers)
 users can control which ciphers to consider when negotiating TLS connections.
 
-TLS 1.3 ciphers are supported since curl 7.61 with options
+TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options
 [`CURLOPT_TLS13_CIPHERS`](https://curl.haxx.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html)
 and
 [`--tls13-ciphers`](https://curl.haxx.se/docs/manpage.html#--tls13-ciphers)
-.
+. If you are using a different SSL backend you can try setting TLS 1.3 cipher
+suites by using the respective regular cipher option.
 
 The names of the known ciphers differ depending on which TLS backend that
 libcurl was built to use. This is an attempt to list known cipher names.
diff --git a/docs/cmdline-opts/proxy-tls13-ciphers.d b/docs/cmdline-opts/proxy-tls13-ciphers.d
index 3e35b07640..08961b72e4 100644
--- a/docs/cmdline-opts/proxy-tls13-ciphers.d
+++ b/docs/cmdline-opts/proxy-tls13-ciphers.d
@@ -9,4 +9,8 @@ ciphers. Read up on TLS 1.3 cipher suite details on this URL:
 
  https://curl.haxx.se/docs/ssl-ciphers.html
 
+This option is currently used only when curl is built to use OpenSSL 1.1.1 or
+later. If you are using a different SSL backend you can try setting TLS 1.3
+cipher suites by using the --proxy-ciphers option.
+
 If this option is used several times, the last one will be used.
diff --git a/docs/cmdline-opts/tls13-ciphers.d b/docs/cmdline-opts/tls13-ciphers.d
index add161595d..654a25b4c5 100644
--- a/docs/cmdline-opts/tls13-ciphers.d
+++ b/docs/cmdline-opts/tls13-ciphers.d
@@ -9,4 +9,8 @@ cipher suite details on this URL:
 
  https://curl.haxx.se/docs/ssl-ciphers.html
 
+This option is currently used only when curl is built to use OpenSSL 1.1.1 or
+later. If you are using a different SSL backend you can try setting TLS 1.3
+cipher suites by using the --ciphers option.
+
 If this option is used several times, the last one will be used.
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3 b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
index fe3a6b71ca..e08d721464 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
@@ -37,6 +37,10 @@ You'll find more details about cipher lists on this URL:
 
  https://curl.haxx.se/docs/ssl-ciphers.html
 
+This option is currently used only when curl is built to use OpenSSL 1.1.1 or
+later. If you are using a different SSL backend you can try setting TLS 1.3
+cipher suites by using the CURLOPT_PROXY_SSL_CIPHER_LIST option.
+
 The application does not have to keep the string around after setting this
 option.
 .SH DEFAULT
diff --git a/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3 b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
index 4c452deca1..e56aa535c8 100644
--- a/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
@@ -36,6 +36,10 @@ You'll find more details about cipher lists on this URL:
 
  https://curl.haxx.se/docs/ssl-ciphers.html
 
+This option is currently used only when curl is built to use OpenSSL 1.1.1 or
+later. If you are using a different SSL backend you can try setting TLS 1.3
+cipher suites by using the CURLOPT_SSL_CIPHER_LIST option.
+
 The application does not have to keep the string around after setting this
 option.
 .SH DEFAULT
diff --git a/src/tool_help.c b/src/tool_help.c
index ad6b6a1078..9209a13dd5 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -335,8 +335,8 @@ static const struct helptxt helptext[] = {
    "SPNEGO proxy service name"},
   {"    --proxy-ssl-allow-beast",
    "Allow security flaw for interop for HTTPS proxy"},
-  {"    --proxy-tls13-ciphers <ciphersuite list>",
-   "TLS 1.3 proxy cipher suites"},
+  {"    --proxy-tls13-ciphers <list>",
+   "TLS 1.3 ciphersuites for proxy (OpenSSL)"},
   {"    --proxy-tlsauthtype <type>",
    "TLS authentication type for HTTPS proxy"},
   {"    --proxy-tlspassword <string>",
@@ -445,8 +445,8 @@ static const struct helptxt helptext[] = {
    "Transfer based on a time condition"},
   {"    --tls-max <VERSION>",
    "Set maximum allowed TLS version"},
-  {"    --tls13-ciphers <list of TLS 1.3 ciphersuites>",
-   "TLS 1.3 cipher suites to use"},
+  {"    --tls13-ciphers <list>",
+   "TLS 1.3 ciphersuites (OpenSSL)"},
   {"    --tlsauthtype <type>",
    "TLS authentication type"},
   {"    --tlspassword",