diff options
author | Fabian Frank <fabian@pagefault.de> | 2014-02-06 00:41:53 -0800 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-02-06 23:09:56 +0100 |
commit | ff92fcfb907b6aa69bc7e35670797fc0440756bd (patch) | |
tree | 736ade5445516ba2557cc2d354e0b1fbf0fd7694 /lib | |
parent | 8d1377282e67c4a3f8fbeaeccb81daa5cc843d71 (diff) |
nss: prefer highest available TLS version
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/nss.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 0d5f740d8..1c5ff4f3e 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1193,8 +1193,9 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, if(data->state.ssl_connect_retry) { infof(data, "TLS disabled due to previous handshake failure\n"); sslver->max = SSL_LIBRARY_VERSION_3_0; + return CURLE_OK; } - return CURLE_OK; + /* intentional fall-through to default to highest TLS version if possible */ case CURL_SSLVERSION_TLSv1: sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; |