author | Jay Satiro <raysatiro@yahoo.com> | 2014-10-24 13:41:56 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-10-24 13:41:56 +0200 |
commit | ec783dc142129d3860e542b443caaa78a6172d56 (patch) | |
tree | 7062b5f480575be59252816c9877823fbde143c9 /lib/vtls/curl_darwinssl.c | |
parent | 2b042574917aeff4d366dec23a7d007913cbe755 (diff) |
SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
Diffstat (limited to 'lib/vtls/curl_darwinssl.c')
-rw-r--r-- | lib/vtls/curl_darwinssl.c | 29 |
1 files changed, 4 insertions, 25 deletions
diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index f229c6fe2..99b5af752 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1057,10 +1057,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
 if(SSLSetProtocolVersionMax != NULL) {
 switch(data->set.ssl.version) {
- case CURL_SSLVERSION_DEFAULT: default:
- (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
- (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
- break;
+ default:
+ case CURL_SSLVERSION_DEFAULT:
 case CURL_SSLVERSION_TLSv1:
 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
@@ -1096,20 +1094,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
 kSSLProtocolAll,
 false);
 switch (data->set.ssl.version) {
- case CURL_SSLVERSION_DEFAULT: default:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol1,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol11,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol12,
- true);
- break;
+ default:
+ case CURL_SSLVERSION_DEFAULT:
 case CURL_SSLVERSION_TLSv1:
 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
 kTLSProtocol1,
@@ -1158,13 +1144,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
 switch(data->set.ssl.version) {
 default:
 case CURL_SSLVERSION_DEFAULT:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol1,
- true);
- break;
 case CURL_SSLVERSION_TLSv1:
 case CURL_SSLVERSION_TLSv1_0:
 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, |
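Review bot: In the first hunk (the `SSLSetProtocolVersionMax != NULL` branch) the default path now depends entirely on `(void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);`, and the status of that call is discarded, so a failed call would leave the protocol floor at whatever the framework started with instead of TLS 1.0. The second hunk's context shows `kSSLProtocolAll` being switched off before individual versions are enabled, so a failure there leaves fewer protocols on; this branch has no such fallback. Since the purpose of the commit is to keep SSLv3 out of the default, I would check the result, e.g. `if(SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1) != noErr) return CURLE_SSL_CONNECT_ERROR;`. What floor the framework applies on its own is not visible from this hunk, and darwinssl_connect_step1 starts and ends outside it.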
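Review bot: In the second hunk the stacked labels `default:` and `case CURL_SSLVERSION_DEFAULT:` fall straight into `case CURL_SSLVERSION_TLSv1:` without a comment saying the fallthrough is deliberate; the same label pair sits above the TLSv1 case in the first and third hunks. The set of protocols the default enables is now defined by the TLSv1 case body, which continues past the end of the hunk, so a later edit to that case silently changes the default as well. I would add a comment above the labels in all three places, for example `/* default: TLS 1.x only; SSLv3 must be requested explicitly (POODLE) */`, so the security reason stays next to the code.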