aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/openssl.c
AgeCommit message (Collapse)Author
2014-01-30http2-openssl: verify that NPN functionality is presentDaniel Stenberg
2014-01-30openssl: set up hooks with to perform NPNFabian Frank
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0 connections. It is expected to be replaced by ALPN in the future. If HTTP/2.0 is negotiated, this is indicated for the entire connection and http.c is expected to initialize itself for HTTP/2.0 instead of HTTP/1.1. see: http://technotes.googlecode.com/git/nextprotoneg.html http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-01-12OpenSSL: deselect weak ciphers by defaultDaniel Stenberg
By default even recent versions of OpenSSL support and accept both "export strength" ciphers, small-bitsize ciphers as well as downright deprecated ones. This change sets a default cipher set that avoids the worst ciphers, and subsequently makes https://www.howsmyssl.com/a/check no longer grade curl/OpenSSL connects as 'Bad'. Bug: http://curl.haxx.se/bug/view.cgi?id=1323 Reported-by: Jeff Hodges
2014-01-03openssl: allow explicit sslv2 selectionDaniel Stenberg
If OpenSSL is built to support SSLv2 this brings back the ability to explicitly select that as a protocol level. Reported-by: Steve Holme Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
2014-01-02Updated copyright year for recent changesSteve Holme
2014-01-02OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Some feedback provided by byte_bucket on IRC pointed out that commit db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a newer protocol when it should be only allowing for SSLv3. This change fixes that. When SSLv3 connection is forced, don't allow SSL negotiations for newer versions. Feedback provided by byte_bucket in #curl. This behavior is also consistent with the other force flags like --tlsv1.1 which doesn't allow for TLSv1.2 negotiation, etc Feedback-by: byte_bucket Bug: http://curl.haxx.se/bug/view.cgi?id=1319
2014-01-01OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing SSLv3 will always return the error "curl: (35) Unsupported SSL protocol version" Can be replicated with `curl -I -3 https://www.google.com/`. This fix simply allows for v3 to be forced.
2013-12-26vtls: Updated comments referencing sslgen.c and ssluse.cSteve Holme
2013-12-26vtls: Fixed up include of vtls.hSteve Holme
2013-12-20vtls: renamed sslgen.[ch] to vtls.[ch]Daniel Stenberg
2013-12-20openssl: renamed backend files to openssl.[ch]Daniel Stenberg