diff options
author | Gunter Knauf <gk@gknw.de> | 2008-02-19 23:10:07 +0000 |
---|---|---|
committer | Gunter Knauf <gk@gknw.de> | 2008-02-19 23:10:07 +0000 |
commit | f9a60620818b6a19ebe3e6f15e1b57d7012e6fb0 (patch) | |
tree | c2bc254dd996004ffef3b7af8eb66b36d1010bf1 /lib/nss.c | |
parent | 0cae2010440de8757a3a15792892d52d8e158bd6 (diff) |
applied patch to disable SSLv2 by default; discussion:
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
Diffstat (limited to 'lib/nss.c')
-rw-r--r-- | lib/nss.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -873,7 +873,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) switch (data->set.ssl.version) { default: case CURL_SSLVERSION_DEFAULT: - ssl2 = ssl3 = tlsv1 = PR_TRUE; + ssl3 = tlsv1 = PR_TRUE; break; case CURL_SSLVERSION_TLSv1: tlsv1 = PR_TRUE; @@ -893,6 +893,9 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess) goto error; + if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess) + goto error; + if(data->set.ssl.cipher_list) { if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) { curlerr = CURLE_SSL_CIPHER; |