aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorFabian Frank <fabian@pagefault.de>2014-02-06 00:41:53 -0800
committerDaniel Stenberg <daniel@haxx.se>2014-02-06 23:09:56 +0100
commitff92fcfb907b6aa69bc7e35670797fc0440756bd (patch)
tree736ade5445516ba2557cc2d354e0b1fbf0fd7694 /lib/vtls
parent8d1377282e67c4a3f8fbeaeccb81daa5cc843d71 (diff)
nss: prefer highest available TLS version
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 if --tlsv1[.N] was not specified on the command line.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/nss.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0d5f740d8..1c5ff4f3e 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1193,8 +1193,9 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
if(data->state.ssl_connect_retry) {
infof(data, "TLS disabled due to previous handshake failure\n");
sslver->max = SSL_LIBRARY_VERSION_3_0;
+ return CURLE_OK;
}
- return CURLE_OK;
+ /* intentional fall-through to default to highest TLS version if possible */
case CURL_SSLVERSION_TLSv1:
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;