The build below uses /root/install as the prefix; change it to suit your environment. Everything is compiled with static linking, and tassl_tlcp.patch is located in /root/install.
NOTE: Currently, testing has only been conducted on Linux.
TASSL (based on OpenSSL 1.1.1s) https://github.com/jntass/TASSL-1.1.1/
./config --prefix=/root/install/tassl111s -DOPENSSL_TLS_SECURITY_LEVEL=0 enable-rc4 enable-des enable-ssl2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers no-shared
make
make install
nghttp2-1.59.0 https://github.com/nghttp2/nghttp2/
autoreconf -i
automake
autoconf
./configure --prefix=/root/install/nghttp2 --disable-shared --enable-static
make
make install
libpsl-0.21.5 https://github.com/rockdaboot/libpsl
./configure --prefix=/root/install/libpsl --disable-shared --enable-static
make
make install
curl-8.6.0 https://github.com/curl/curl
patch -p1 < ../tassl_tlcp.patch
CPPFLAGS="-I/root/install/libpsl/include" LDFLAGS="-L/root/install/libpsl/lib" ./configure --prefix=/root/install/curl --disable-shared --enable-static --with-ssl=/root/install/tassl111s --with-nghttp2=/root/install/nghttp2
make
make install
Extra options added:
--cert2 <certificate[:password]> SM encryption Client certificate file and password
--cert2-type <type> SM encryption Certificate type (DER/PEM/ENG/P12)
--key2 <key> SM encryption Private key file name
--key2-type <type> SM encryption Private key file type (DER/PEM/ENG)
--pass2 <phrase> Pass phrase for the SM encryption private key
--tlcp Use TLCP
./curl --tlcp -k https://demo.gmssl.cn:1443 -v
* Host demo.gmssl.cn:1443 was resolved.
* IPv6: (none)
* IPv4: 47.93.114.141
* Trying 47.93.114.141:1443...
* Connected to demo.gmssl.cn (47.93.114.141) port 1443
* ALPN: curl offers h2,http/1.1
* TLCP (OUT), TLS handshake, Client hello (1):
* TLCP (IN), TLS handshake, Server hello (2):
* TLCP (IN), TLS handshake, Certificate (11):
* TLCP (IN), TLS handshake, Server key exchange (12):
* TLCP (IN), TLS handshake, Server finished (14):
* TLCP (OUT), TLS handshake, Client key exchange (16):
* TLCP (OUT), TLS change cipher, Change cipher spec (1):
* TLCP (OUT), TLS handshake, Finished (20):
* TLCP (IN), TLS handshake, Finished (20):
* SSL connection using GMTLSv1.1 / ECC-SM4-GCM-SM3 / [blank] / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=CN; CN=demo.gmssl.cn
* start date: Dec 3 16:00:00 2023 GMT
* expire date: Dec 3 16:00:00 2028 GMT
* issuer: C=CN; O=GMSSL; OU=PKI/SM2; CN=MiddleCA for Test
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Certificate level 0: Public key type ? (256/128 Bits/secBits), signed using sm3WithSM2Sign
* Certificate level 1: Public key type ? (256/128 Bits/secBits), signed using sm3WithSM2Sign
* using HTTP/1.x
> GET / HTTP/1.1
> Host: demo.gmssl.cn:1443
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.24.0
< Date: Fri, 16 Feb 2024 03:29:33 GMT
< Content-Type: text/html
< Content-Length: 615
< Last-Modified: Wed, 07 Feb 2024 12:17:59 GMT
< Connection: keep-alive
< ETag: "65c374f7-267"
< Accept-Ranges: bytes
...
Test certificates are from https://www.gmcrt.cn/gmcrt/index.jsp
./curl --tlcp --cert sm2.user01.sig.crt.pem --key sm2.user01.sig.key.pem --cert2 sm2.user01.enc.crt.pem --key2 sm2.user01.enc.key.pem --cacert sm2.ca.pem https://demo.gmssl.cn:2443/ -v
* Host demo.gmssl.cn:2443 was resolved.
* IPv6: (none)
* IPv4: 47.93.114.141
* Trying 47.93.114.141:2443...
* Connected to demo.gmssl.cn (47.93.114.141) port 2443
* ALPN: curl offers h2,http/1.1
* TLCP (OUT), TLS handshake, Client hello (1):
* CAfile: sm2.ca.pem
* CApath: none
* TLCP (IN), TLS handshake, Server hello (2):
* TLCP (IN), TLS handshake, Certificate (11):
* TLCP (IN), TLS handshake, Server key exchange (12):
* TLCP (IN), TLS handshake, Request CERT (13):
* TLCP (IN), TLS handshake, Server finished (14):
* TLCP (OUT), TLS handshake, Certificate (11):
* TLCP (OUT), TLS handshake, Client key exchange (16):
* TLCP (OUT), TLS handshake, CERT verify (15):
* TLCP (OUT), TLS change cipher, Change cipher spec (1):
* TLCP (OUT), TLS handshake, Finished (20):
* TLCP (IN), TLS handshake, Finished (20):
* SSL connection using GMTLSv1.1 / ECC-SM4-GCM-SM3 / [blank] / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=CN; CN=demo.gmssl.cn
* start date: Dec 3 16:00:00 2023 GMT
* expire date: Dec 3 16:00:00 2028 GMT
* subjectAltName: host "demo.gmssl.cn" matched cert's "demo.gmssl.cn"
* issuer: C=CN; O=GMSSL; OU=PKI/SM2; CN=MiddleCA for Test
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (256/128 Bits/secBits), signed using sm3WithSM2Sign
* Certificate level 1: Public key type ? (256/128 Bits/secBits), signed using sm3WithSM2Sign
* using HTTP/1.x
> GET / HTTP/1.1
> Host: demo.gmssl.cn:2443
> User-Agent: curl/8.6.0
> Accept: */*
...
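Added example (not part of the original page or of the curl/TASSL code): a shell check over the -v output shown in the two transcripts above, reporting the negotiated protocol and cipher, whether the server certificate was verified or the failure was ignored because of -k, and whether client-certificate authentication took place. The function names are assumptions of this example, and the sample lines are abridged from the transcripts above.

```shell
# Summarise a "curl --tlcp -v" log read from stdin (line formats as on this page).
# tlcp_check / tlcp_require_verified are names made up for this example.
tlcp_check() {
    awk '
        # e.g. "* SSL connection using GMTLSv1.1 / ECC-SM4-GCM-SM3 / [blank] / UNDEF"
        /^\* SSL connection using / {
            sub(/^\* SSL connection using /, "")
            split($0, f, " / ")
            proto = f[1]; cipher = f[2]
        }
        /^\* SSL certificate verify ok\./ { verify = "ok" }
        # With -k, curl logs the chain failure and carries on regardless.
        /^\* SSL certificate verify result: .*continuing anyway/ { verify = "skipped" }
        # Client authentication: server asks (13) and client proves key possession (15).
        /^\* TLCP \(IN\), TLS handshake, Request CERT \(13\)/ { req = 1 }
        /^\* TLCP \(OUT\), TLS handshake, CERT verify \(15\)/ { cv = 1 }
        END {
            if (proto == "") { proto = "none"; cipher = "none" }
            if (verify == "") verify = "unknown"
            printf "proto=%s cipher=%s verify=%s client_auth=%s\n",
                   proto, cipher, verify, (req && cv) ? "yes" : "no"
        }
    '
}

# Return 0 only when the log shows a GMTLSv1.1 session with a verified server chain.
tlcp_require_verified() {
    summary=$(tlcp_check) || return 2
    echo "$summary"
    case "$summary" in
        "proto=GMTLSv1.1 "*" verify=ok "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample input: lines abridged from the two transcripts on this page.
sample_insecure() { cat <<'EOF'
* SSL connection using GMTLSv1.1 / ECC-SM4-GCM-SM3 / [blank] / UNDEF
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
EOF
}
sample_mutual() { cat <<'EOF'
* TLCP (IN), TLS handshake, Request CERT (13):
* TLCP (OUT), TLS handshake, CERT verify (15):
* SSL connection using GMTLSv1.1 / ECC-SM4-GCM-SM3 / [blank] / UNDEF
* SSL certificate verify ok.
EOF
}
sample_insecure | tlcp_check
sample_mutual | tlcp_check
```

Since curl writes the -v trace to stderr, a live run can be checked by appending 2>&1 >/dev/null | tlcp_require_verified to either of the commands above.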