API tools faq
paste
Advertisement
emabrey

SO Answer

emabrey
Jan 2nd, 2018
97
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.25 KB | None | 0 0
raw download clone embed print report
  1. Git support for choosing SSL ciphers
  2. ====================================
  3.  
  4. You can use the `http.sslCipherList` git configuration variable to do this.
  5.  
  6. The `http.sslCipherList` variable is described as follows within Git's documentation:
  7.  
  8. >A list of SSL ciphers to use when negotiating an SSL connection. The available ciphers depend on whether libcurl was built against NSS or OpenSSL and the particular configuration of the crypto library in use. Internally this sets the `CURLOPT_SSL_CIPHER_LIST` option; see [the libcurl documentation][libcURL-man] for more details on the format of this list.
  9.  
  10.  
  11. Git command
  12. -----------
  13.  
  14. To set the cipher list globally for Git you would run:
  15.  
  16. `git config --global http.sslCipherList "<List of Cipher Identifiers>"`
  17.  
  18. It is **extremely important** to understand that **the cipher identifiers accepted by cURL differ based upon the SSL library cURL has been linked against**! That makes this configuration value non-portable between all installations of cURL which differ in their linked SSL library.
  19.  
  20. Additionally, while I have linked back-end specific documentation below, **only the cURL documentation on cipher identifiers is reliable** because the cURL developers did not perfectly reproduce and/or support the various identifiers for each back-end as detailed in [this mailing list thread][cURL-mail].
  21.  
  22. Resources
  23. =========
  24.  
  25. - [The git config section for `http.sslCipherList`][gitconfig]
  26. - [The cURL man page for the CURLOPT_SSL_CIPHER_LIST variable][libcURL-man]
  27. - [The cURL ciphers for all back-ends (reliable)][cURL-backends]
  28. - [cipher supported by the openSSL back-end][openSSL-man]
  29. - [mod_NSS ciphers supported by the NSS back-end][NSS-modNSS]
  30. - [mod_SSL ciphers supported by the NSS back-end][NSS-modSSL]
  31.  
  32. [gitconfig]: https://git-scm.com/docs/git-config#git-config-httpsslCipherList
  33. [libcURL-man]: https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
  34. [cURL-mail]: https://curl.haxx.se/mail/lib-2016-05/0093.html
  35. [cURL-backends]: https://curl.haxx.se/docs/ssl-ciphers.html
  36. [NSS-modNSS]: https://pagure.io/mod_nss/blob/master/f/docs/mod_nss.html#_589
  37. [NSS-modSSL]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite
  38. [openSSL-man]: https://www.openssl.org/docs/manmaster/man1/ciphers.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!