Merge branch 'master' of github.com:bagder/curl

author: Pierre Joye <pierre.php@gmail.com> 2012-01-26 16:39:53 +0100
committer: Pierre Joye <pierre.php@gmail.com> 2012-01-26 16:39:53 +0100
commit: 8ee2576b6fcc8aee0c768255a55e255a1868b609 (patch)
tree: 41dbe761ce20a76f3168257800bba199ed77ec47 /lib/gtls.c
parent: 575f3c30ed60aafddbaeeb26745cca942fb9ee2f (diff)
parent: cf9fb08ca4537d76afde44daf1e92307fe2882d3 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index f44fd7748..e24e7a81e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -453,7 +453,13 @@ gtls_connect_step1(struct connectdata *conn,
     rc = gnutls_protocol_set_priority(session, protocol_priority);
 #else
     const char *err;
-    rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0",
+    /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not
+       vulnerable to attacks such as the BEAST, why this code now explicitly
+       asks for that
+    */
+    rc = gnutls_priority_set_direct(session,
+                                    "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"
+                                    "-CIPHER-ALL:+ARCFOUR-128",
                                     &err);
 #endif
     if(rc != GNUTLS_E_SUCCESS)
author	Pierre Joye <pierre.php@gmail.com>	2012-01-26 16:39:53 +0100
committer	Pierre Joye <pierre.php@gmail.com>	2012-01-26 16:39:53 +0100
commit	8ee2576b6fcc8aee0c768255a55e255a1868b609 (patch)
tree	41dbe761ce20a76f3168257800bba199ed77ec47 /lib/gtls.c
parent	575f3c30ed60aafddbaeeb26745cca942fb9ee2f (diff)
parent	cf9fb08ca4537d76afde44daf1e92307fe2882d3 (diff)