aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/nss.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index ef200514f..946c69717 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1776,6 +1776,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CURLcode result;
bool second_layer = FALSE;
+ SSLVersionRange sslver_supported;
SSLVersionRange sslver = {
SSL_LIBRARY_VERSION_TLS_1_0, /* min */
@@ -1832,6 +1833,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
/* enable/disable the requested SSL version(s) */
if(nss_init_sslver(&sslver, data, conn) != CURLE_OK)
goto error;
+ if(SSL_VersionRangeGetSupported(ssl_variant_stream,
+ &sslver_supported) != SECSuccess)
+ goto error;
+ if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) {
+ infof(data, "Falling back (from %d) to max supported SSL version (%d)\n",
+ sslver.max, sslver_supported.max);
+ sslver.max = sslver_supported.max;
+ }
if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
goto error;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 05:56:08 +0000