From e819c3a4ca1bff543f38b9504536ba5fa5013235 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Fri, 24 Oct 2014 14:26:57 -0400
Subject: SSL: PolarSSL default min SSL version TLS 1.0

- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
---
 lib/vtls/polarssl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5332b92ca..a9ea1e528 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -287,6 +287,11 @@ polarssl_connect_step1(struct connectdata *conn,
   }
 
   switch(data->set.ssl.version) {
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_1);
+    break;
   case CURL_SSLVERSION_SSLv3:
     ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
                         SSL_MINOR_VERSION_0);
-- 
cgit v1.2.3