From 3ca560439c11cc358c94dd9269b6076fbb48ff48 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <pm@datasphere.ch>
Date: Fri, 24 Oct 2014 16:08:21 +0200
Subject: gskit.c: remove SSLv3 from SSL default.

---
 lib/vtls/gskit.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index a3cf40b40..87086de30 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -134,8 +134,12 @@ static const gskit_cipher  ciphertable[] = {
       CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
       CURL_GSKPROTO_TLSV12_MASK },
   { "null-sha256",      "3B",   CURL_GSKPROTO_TLSV12_MASK },
-  { "aes128-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },
+  { "aes128-sha256",    "3C",   CURL_GSKPROTO_TLSV12_MASK },
   { "aes256-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },
+  { "aes128-gcm-sha256",
+                        "9C",   CURL_GSKPROTO_TLSV12_MASK },
+  { "aes256-gcm-sha384",
+                        "9D",   CURL_GSKPROTO_TLSV12_MASK },
   { "rc4-md5",          "1",    CURL_GSKPROTO_SSLV2_MASK },
   { "exp-rc4-md5",      "2",    CURL_GSKPROTO_SSLV2_MASK },
   { "rc2-md5",          "3",    CURL_GSKPROTO_SSLV2_MASK },
@@ -612,8 +616,8 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
     return result;
 
   /* Determine which SSL/TLS version should be enabled. */
-  protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
-               CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;
+  protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+               CURL_GSKPROTO_TLSV12_MASK;
   sni = conn->host.name;
   switch (data->set.ssl.version) {
   case CURL_SSLVERSION_SSLv2:
-- 
cgit v1.2.3