diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2014-10-24 13:41:56 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-10-24 13:41:56 +0200 |
commit | ec783dc142129d3860e542b443caaa78a6172d56 (patch) | |
tree | 7062b5f480575be59252816c9877823fbde143c9 /lib/vtls/cyassl.c | |
parent | 2b042574917aeff4d366dec23a7d007913cbe755 (diff) |
SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
Diffstat (limited to 'lib/vtls/cyassl.c')
-rw-r--r-- | lib/vtls/cyassl.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 9b5c7c61c..15fc92926 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -99,10 +99,8 @@ cyassl_connect_step1(struct connectdata *conn, /* check to see if we've been told to use an explicit SSL/TLS version */ switch(data->set.ssl.version) { + default: case CURL_SSLVERSION_DEFAULT: - /* we try to figure out version */ - req_method = SSLv23_client_method(); - break; case CURL_SSLVERSION_TLSv1: infof(data, "CyaSSL cannot be configured to use TLS 1.0-1.2, " "TLS 1.0 is used exclusively\n"); @@ -120,8 +118,6 @@ cyassl_connect_step1(struct connectdata *conn, case CURL_SSLVERSION_SSLv3: req_method = SSLv3_client_method(); break; - default: - req_method = TLSv1_client_method(); } if(!req_method) { |