diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2014-10-24 14:26:57 -0400 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-11-04 11:40:51 +0100 |
| commit | e819c3a4ca1bff543f38b9504536ba5fa5013235 (patch) | |
| tree | 7ca398305094b54ba28606d2af247b3bbb889422 | |
| parent | fb249902111b28c1034d5e364ef472859ec4718f (diff) | |
SSL: PolarSSL default min SSL version TLS 1.0
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
| -rw-r--r-- | lib/vtls/polarssl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 5332b92ca..a9ea1e528 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -287,6 +287,11 @@ polarssl_connect_step1(struct connectdata *conn, } switch(data->set.ssl.version) { + default: + case CURL_SSLVERSION_DEFAULT: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_1); + break; case CURL_SSLVERSION_SSLv3: ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0); |