diff options
| author | Patrick Monnerat <pm@datasphere.ch> | 2014-10-24 16:08:21 +0200 |
|---|---|---|
| committer | Patrick Monnerat <pm@datasphere.ch> | 2014-10-24 16:08:21 +0200 |
| commit | 3ca560439c11cc358c94dd9269b6076fbb48ff48 (patch) | |
| tree | 86d54590ec08251b6ae6524aeb307e9a99d839e2 | |
| parent | 897ef500e5cbdd2bddfaa3885ce3784599d11934 (diff) | |
gskit.c: remove SSLv3 from SSL default.
| -rw-r--r-- | lib/vtls/gskit.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index a3cf40b40..87086de30 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -134,8 +134,12 @@ static const gskit_cipher ciphertable[] = { CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK }, { "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK }, - { "aes128-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, + { "aes128-sha256", "3C", CURL_GSKPROTO_TLSV12_MASK }, { "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, + { "aes128-gcm-sha256", + "9C", CURL_GSKPROTO_TLSV12_MASK }, + { "aes256-gcm-sha384", + "9D", CURL_GSKPROTO_TLSV12_MASK }, { "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK }, { "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK }, { "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK }, @@ -612,8 +616,8 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) return result; /* Determine which SSL/TLS version should be enabled. */ - protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK | - CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK; + protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK | + CURL_GSKPROTO_TLSV12_MASK; sni = conn->host.name; switch (data->set.ssl.version) { case CURL_SSLVERSION_SSLv2: |