diff options
-rw-r--r-- | docs/SSL-PROBLEMS | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS index 36502672d..5a56d3da5 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS @@ -26,7 +26,7 @@ CA bundle missing intermediate certificates problems if your CA cert does not have the certificates for the intermediates in the whole trust chain. -SSL version +Protocol version Some broken servers fail to support the protocol negotiation properly that SSL servers are supposed to handle. This may cause the connection to fail @@ -36,7 +36,9 @@ SSL version An additional complication can be that modern SSL libraries sometimes are built with support for older SSL and TLS versions disabled! -SSL ciphers + All versions of SSL are considered insecure and should be avoided. Use TLS. + +Ciphers Clients give servers a list of ciphers to select from. If the list doesn't include any ciphers the server wants/can use, the connection handshake @@ -51,6 +53,10 @@ SSL ciphers Note that these weak ciphers are identified as flawed. For example, this includes symmetric ciphers with less than 128 bit keys and RC4. + WinSSL in Windows XP is not able to connect to servers that no longer + support the legacy handshakes and algorithms used by those versions, so we + advice against building curl to use WinSSL on really old Windows versions. + References: https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 |