参考:https://testssl.sh/openssl-iana.mapping.html
https://unix.stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-to-curl-format
举例:
AES GCM cipher suites in RFC 5288 and RFC 5289
<argument> <name>
rsa_aes_128_gcm_sha_256 TLS_RSA_WITH_AES_128_GCM_SHA256
dhe_rsa_aes_128_gcm_sha_256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
dhe_dss_aes_128_gcm_sha_256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
ecdhe_ecdsa_aes_128_gcm_sha_256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ecdh_ecdsa_aes_128_gcm_sha_256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_gcm_sha_256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ecdh_rsa_aes_128_gcm_sha_256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
So if you want to use the cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA
, the command would be:
curl --ciphers dhe_rsa_aes_128_cbc_sha <url>
In order to specify multiple ciphers, separate the list with commas. So if you want to use the cipher TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
as well, the command would be:
curl --ciphers dhe_rsa_aes_128_cbc_sha,ecdh_rsa_aes_128_gcm_sha_256 <url>
To view a list of the ciphers that curl is using, you will need an external service - like this:
curl --ciphers ecdhe_rsa_aes_256_sha https://www.howsmyssl.com/a/check
Although NB, that service does not accept all ciphers, which means if you are restricting connection to only one cipher which is not in use, you will get an error "Cannot communicate securely with peer: no common encryption algorithm" instead of a response.