1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

362 Commits

Author SHA1 Message Date
Daniel Stenberg
3b5c75ef3d OpenSSL: deselect weak ciphers by default
By default even recent versions of OpenSSL support and accept both
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
2014-01-12 00:14:01 +01:00
Nick Zitzmann
21aa79f463 darwinssl: un-break Leopard build after PKCS#12 change
It turns out errSecDecode wasn't defined in Leopard's headers. So
we use the enum's value instead.

Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html
Reported by: Abram Pousada
2014-01-09 17:53:29 -06:00
Daniel Stenberg
3529162405 openssl: allow explicit sslv2 selection
If OpenSSL is built to support SSLv2 this brings back the ability to
explicitly select that as a protocol level.

Reported-by: Steve Holme
Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
2014-01-03 11:52:49 +01:00
Steve Holme
c50d3ed075 Updated copyright year for recent changes 2014-01-02 23:53:29 +00:00
Barry Abrahamson
4bb7400529 OpenSSL: Fix forcing SSLv3 connections
Some feedback provided by byte_bucket on IRC pointed out that commit
db11750cfa wasn’t really correct because it allows for “upgrading” to a
newer protocol when it should be only allowing for SSLv3.

This change fixes that.

When SSLv3 connection is forced, don't allow SSL negotiations for newer
versions.  Feedback provided by byte_bucket in #curl.  This behavior is
also consistent with the other force flags like --tlsv1.1 which doesn't
allow for TLSv1.2 negotiation, etc

Feedback-by: byte_bucket
Bug: http://curl.haxx.se/bug/view.cgi?id=1319
2014-01-02 23:41:33 +01:00
Barry Abrahamson
db11750cfa OpenSSL: Fix forcing SSLv3 connections
Since ad34a2d5c8 (present in 7.34.0 release) forcing
SSLv3 will always return the error "curl: (35) Unsupported SSL protocol
version" Can be replicated with `curl -I -3 https://www.google.com/`.
This fix simply allows for v3 to be forced.
2014-01-01 21:36:47 +01:00
Steve Holme
f88f9bed00 vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
Steve Holme
9aa6e4357a vtls: Fixed up include of vtls.h 2013-12-26 21:25:51 +00:00
Daniel Stenberg
11e8066ef9 vtls: renamed sslgen.[ch] to vtls.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
92b9ae5c5d openssl: renamed backend files to openssl.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
a47c142a88 vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
Daniel Stenberg
eccf4fb7ee vtls: created subdir, moved sslgen.[ch] there, updated all include lines 2013-12-20 17:12:42 +01:00