aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Monnerat <pm@datasphere.ch>2014-10-24 16:08:21 +0200
committerPatrick Monnerat <pm@datasphere.ch>2014-10-24 16:08:21 +0200
commit3ca560439c11cc358c94dd9269b6076fbb48ff48 (patch)
tree86d54590ec08251b6ae6524aeb307e9a99d839e2
parent897ef500e5cbdd2bddfaa3885ce3784599d11934 (diff)
gskit.c: remove SSLv3 from SSL default.
-rw-r--r--lib/vtls/gskit.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index a3cf40b40..87086de30 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -134,8 +134,12 @@ static const gskit_cipher ciphertable[] = {
CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
CURL_GSKPROTO_TLSV12_MASK },
{ "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK },
- { "aes128-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes128-sha256", "3C", CURL_GSKPROTO_TLSV12_MASK },
{ "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes128-gcm-sha256",
+ "9C", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes256-gcm-sha384",
+ "9D", CURL_GSKPROTO_TLSV12_MASK },
{ "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK },
{ "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK },
{ "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK },
@@ -612,8 +616,8 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
return result;
/* Determine which SSL/TLS version should be enabled. */
- protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
- CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;
+ protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+ CURL_GSKPROTO_TLSV12_MASK;
sni = conn->host.name;
switch (data->set.ssl.version) {
case CURL_SSLVERSION_SSLv2: