aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2014-10-24 14:26:57 -0400
committerDaniel Stenberg <daniel@haxx.se>2014-11-04 11:40:51 +0100
commite819c3a4ca1bff543f38b9504536ba5fa5013235 (patch)
tree7ca398305094b54ba28606d2af247b3bbb889422 /lib/vtls
parentfb249902111b28c1034d5e364ef472859ec4718f (diff)
SSL: PolarSSL default min SSL version TLS 1.0
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/polarssl.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5332b92ca..a9ea1e528 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -287,6 +287,11 @@ polarssl_connect_step1(struct connectdata *conn,
}
switch(data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+ ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_1);
+ break;
case CURL_SSLVERSION_SSLv3:
ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
SSL_MINOR_VERSION_0);