http: allow use of TLS 1.3
authorLoganaden Velvindron <logan@hackers.mu>
Thu, 29 Mar 2018 10:14:18 +0000 (14:14 +0400)
committerJunio C Hamano <gitster@pobox.com>
Thu, 29 Mar 2018 20:54:31 +0000 (13:54 -0700)
Add a tlsv1.3 option to http.sslVersion in addition to the existing
tlsv1.[012] options. libcurl has supported this since 7.52.0.

This requires OpenSSL 1.1.1 with TLS 1.3 enabled or curl built with
recent versions of NSS or BoringSSL as the TLS backend.

Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/config.txt
http.c

index 0e25b2c..ca8d168 100644 (file)
@@ -1948,6 +1948,7 @@ http.sslVersion::
        - tlsv1.0
        - tlsv1.1
        - tlsv1.2
+       - tlsv1.3
 
 +
 Can be overridden by the `GIT_SSL_VERSION` environment variable.
diff --git a/http.c b/http.c
index 32a8238..4699cf7 100644 (file)
--- a/http.c
+++ b/http.c
@@ -62,6 +62,9 @@ static struct {
        { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
        { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
 #endif
+#if LIBCURL_VERSION_NUM >= 0x073400
+       { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 },
+#endif
 };
 #if LIBCURL_VERSION_NUM >= 0x070903
 static const char *ssl_key;