TclTLS: Diff

Differences From Artifact [1f01ff8ecc]:

File doc/tls.html — part of check-in [168ce6abb1] at 2023-05-20 04:46:23 on branch status_x509 — Added get supported protocol versions command (user: bohagan, size: 20851) [annotate] [blame] [check-ins using]

To Artifact [d2eae2e68e]:

File doc/tls.html — part of check-in [05b2dd47be] at 2023-05-24 01:18:52 on branch status_x509 — Updated ciphers command to use current APIs and added an option to return only ciphers as would be sent in ClientHello. Updated test suite to use OpenSSL executable to get ciphers comparison data. Added more test cases. Addresses defects: https://core.tcl-lang.org/tcltls/tktview/688788a45c and https://sourceforge.net/p/tls/bugs/36/ (user: bohagan, size: 21489) [annotate] [blame] [check-ins using]

︙
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40	26 27 28 29 30 31 32 33 34 35 36 37 38 39 40	- +	<dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> ~~<dd><b>tls::ciphers </b> <em>protocol ?verbose?</em></dd>~~ <dd><b>tls::ciphers </b> <em>protocol ?verbose? ?supported?</em></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> </dl> </dd> <dd><a href="#COMMANDS">COMMANDS</a></dd> <dd><a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a></dd> <dd><a href="#HTTPS EXAMPLE">HTTPS EXAMPLE</a></dd>
︙
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73	59 60 61 62 63 64 65 66 67 68 69 70 71 72 73	- +	<a href="#tls::socket"><b>tls::socket</b> <i>?-server command? ?options? port</i></a><br> <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> ~~<a href="#tls::ciphers"><b>tls::ciphers</b> <i>protocol ?verbose?</i></a><br>~~ <a href="#tls::ciphers"><b>tls::ciphers</b> <i>protocol ?verbose? ?supported?</i></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a> <a href="#tls::version"><b>tls::version</b></a> </p> <h3><a name="DESCRIPTION">DESCRIPTION</a></h3> <p>This extension provides a generic binding to <a
︙
133 134 135 136 137 138 139 ~~140 141~~ 142 143 144 145 146 147 148	133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155	+ + + + + + + - - + +	<dd>Specify the filename containing the certificate to use. The default name is <b>cert.pem</b>. This can be overridden via the <b>SSL_CERT_FILE</b> environment variable.</dd> <dt><strong>-cert</strong> <em>filename</em></dt> <dd>Specify the contents of a certificate to use, as a DER encoded binary value (X.509 DER).</dd> <dt><strong>-cipher</strong> <em>string</em></dt> <dd>List of ciphers to use. String is a colon (":") separated list of ciphers or cipher suites. Cipher suites can be combined using the <b>+</b> character. Prefixes can be used to permanently remove ("!"), delete ("-"), or move a cypher to the end of the list ("+"). Keywords <b>@STRENGTH</b> (sort by algorithm key length), <b>@SECLEVEL=</b><i>n</i> (set security level to n), and <b>DEFAULT</b> (use default cipher list, at start only) ~~~~<dd>List of~~ ci~~phers to use~~. See OpenSSL documentation for the full list of valid values.</dd>~~ can also be specified. See OpenSSL documentation for the full list of valid values. (TLS 1.2 and earlier only)</dd> <dt><strong>-command</strong> <em>callback</em></dt> <dd>Callback to invoke at several points during the handshake. This is used to pass errors and tracing information, and it can allow Tcl scripts to perform their own certificate validation in place of the default validation provided by OpenSSL. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> for further discussion.</dd>
︙
281 282 283 284 285 286 287 ~~288~~ 289 290 291 292 ~~293~~ 294 295 296 297 298 299 300	288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309	- + - + + +	Negotiation (ALPN).</dd> <dt><strong>session_reused</strong> <em>boolean</em></dt> <dd>Whether the session has been reused or not.</dd> </dl> </blockquote> <dt><a name="tls::ciphers"><strong>tls::ciphers</strong> ~~<em>protocol ?verbose?</em></a></dt>~~ <em>protocol ?verbose? ?supported?</em></a></dt> <dd>Returns a list of supported ciphers available for <em>protocol</em>, where protocol must be one of <b>ssl2, ssl3, tls1, tls1.1, tls1.2,</b> or <b>tls1.3</b>. If <em>verbose</em> is specified as true then a verbose, human readable list is returned with ~~additional information on the cipher.~~</dd~~>~~ additional information on the cipher. If <em>supported</em> is specified as true, then only the ciphers supported for protocol will be listed.</dd> <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt> <dd>Returns a list of supported protocols. Valid values are: <b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>, and <b>tls1.3</b>.</dd> <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
︙