SSL: Remove SSLv3 from SSL default due to POODLE attack

- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.

- Update CURLOPT_SSLVERSION doc

1 files changed, 2 insertions, 6 deletions

diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index 925df37a0..3a740bd28 100644
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -164,6 +164,8 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
     }
 
     switch(data->set.ssl.version) {
+      default:
+      case CURL_SSLVERSION_DEFAULT:
       case CURL_SSLVERSION_TLSv1:
         schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
                                               SP_PROT_TLS1_1_CLIENT |
@@ -184,12 +186,6 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
       case CURL_SSLVERSION_SSLv2:
         schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
         break;
-      default:
-        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
-                                              SP_PROT_TLS1_1_CLIENT |
-                                              SP_PROT_TLS1_2_CLIENT |
-                                              SP_PROT_SSL3_CLIENT;
-        break;
     }
 
     /* allocate memory for the re-usable credential handle */