mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
openssl: use OpenSSL's default ciphers by default
Up2date versions of OpenSSL maintain the default reasonably secure without breaking compatibility, so it is better not to override the default by curl. Suggested at https://bugzilla.redhat.com/1483972 Closes #1846
This commit is contained in:
parent
25fc694a41
commit
ea142a837e
@ -154,8 +154,16 @@ static unsigned long OpenSSL_version_num(void)
|
|||||||
#define OSSL_PACKAGE "OpenSSL"
|
#define OSSL_PACKAGE "OpenSSL"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
|
/* up2date versions of OpenSSL maintain the default reasonably secure without
|
||||||
|
* breaking compatibility, so it is better not to override the default by curl
|
||||||
|
*/
|
||||||
|
#define DEFAULT_CIPHER_SELECTION NULL
|
||||||
|
#else
|
||||||
|
/* ... but it is not the case with old versions of OpenSSL */
|
||||||
#define DEFAULT_CIPHER_SELECTION \
|
#define DEFAULT_CIPHER_SELECTION \
|
||||||
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
||||||
|
#endif
|
||||||
|
|
||||||
struct ssl_backend_data {
|
struct ssl_backend_data {
|
||||||
/* these ones requires specific SSL-types */
|
/* these ones requires specific SSL-types */
|
||||||
@ -2116,11 +2124,13 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
ciphers = SSL_CONN_CONFIG(cipher_list);
|
ciphers = SSL_CONN_CONFIG(cipher_list);
|
||||||
if(!ciphers)
|
if(!ciphers)
|
||||||
ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
||||||
|
if(ciphers) {
|
||||||
if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
|
if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
|
||||||
failf(data, "failed setting cipher list: %s", ciphers);
|
failf(data, "failed setting cipher list: %s", ciphers);
|
||||||
return CURLE_SSL_CIPHER;
|
return CURLE_SSL_CIPHER;
|
||||||
}
|
}
|
||||||
infof(data, "Cipher selection: %s\n", ciphers);
|
infof(data, "Cipher selection: %s\n", ciphers);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef USE_TLS_SRP
|
#ifdef USE_TLS_SRP
|
||||||
if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
||||||
|
Loading…
Reference in New Issue
Block a user