applied patch to disable SSLv2 by default; discussion:

http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976 Submitted by Kaspar Brand.
author: Gunter Knauf <gk@gknw.de> 2008-02-19 23:10:07 +0000
committer: Gunter Knauf <gk@gknw.de> 2008-02-19 23:10:07 +0000
commit: f9a60620818b6a19ebe3e6f15e1b57d7012e6fb0 (patch)
tree: c2bc254dd996004ffef3b7af8eb66b36d1010bf1 /lib/nss.c
parent: 0cae2010440de8757a3a15792892d52d8e158bd6 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/nss.c b/lib/nss.c
index b8f2ddd5c..6e3ee8604 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -873,7 +873,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
   switch (data->set.ssl.version) {
   default:
   case CURL_SSLVERSION_DEFAULT:
-    ssl2 = ssl3 = tlsv1 = PR_TRUE;
+    ssl3 = tlsv1 = PR_TRUE;
     break;
   case CURL_SSLVERSION_TLSv1:
     tlsv1 = PR_TRUE;
@@ -893,6 +893,9 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
   if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
     goto error;
 
+  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
+    goto error;
+
   if(data->set.ssl.cipher_list) {
     if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
       curlerr = CURLE_SSL_CIPHER;
author	Gunter Knauf <gk@gknw.de>	2008-02-19 23:10:07 +0000
committer	Gunter Knauf <gk@gknw.de>	2008-02-19 23:10:07 +0000
commit	f9a60620818b6a19ebe3e6f15e1b57d7012e6fb0 (patch)
tree	c2bc254dd996004ffef3b7af8eb66b36d1010bf1 /lib/nss.c
parent	0cae2010440de8757a3a15792892d52d8e158bd6 (diff)