Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-01-02 | OpenSSL: Fix forcing SSLv3 connections | Barry Abrahamson | |
Some feedback provided by byte_bucket on IRC pointed out that commit db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a newer protocol when it should be only allowing for SSLv3. This change fixes that. When SSLv3 connection is forced, don't allow SSL negotiations for newer versions. Feedback provided by byte_bucket in #curl. This behavior is also consistent with the other force flags like --tlsv1.1 which doesn't allow for TLSv1.2 negotiation, etc Feedback-by: byte_bucket Bug: http://curl.haxx.se/bug/view.cgi?id=1319 | |||
2014-01-01 | OpenSSL: Fix forcing SSLv3 connections | Barry Abrahamson | |
Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing SSLv3 will always return the error "curl: (35) Unsupported SSL protocol version" Can be replicated with `curl -I -3 https://www.google.com/`. This fix simply allows for v3 to be forced. | |||
2013-12-26 | vtls: Updated comments referencing sslgen.c and ssluse.c | Steve Holme | |
2013-12-26 | vtls: Fixed up include of vtls.h | Steve Holme | |
2013-12-20 | vtls: renamed sslgen.[ch] to vtls.[ch] | Daniel Stenberg | |
2013-12-20 | openssl: renamed backend files to openssl.[ch] | Daniel Stenberg | |
2013-12-20 | vtls: moved all TLS/SSL source and header files into subdir | Daniel Stenberg | |
2013-12-20 | vtls: created subdir, moved sslgen.[ch] there, updated all include lines | Daniel Stenberg | |