From d7f4c3772e72ffc909a2823cec0766757eaf1245 Mon Sep 17 00:00:00 2001 From: Nick Zitzmann Date: Mon, 8 Apr 2013 17:07:20 -0600 Subject: darwinssl: disable insecure ciphers by default I noticed that aria2's SecureTransport code disables insecure ciphers such as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later. That's a good idea, and now we do the same thing in order to prevent curl from accessing a "secure" site that only negotiates insecure ciphersuites. --- RELEASE-NOTES | 1 + 1 file changed, 1 insertion(+) (limited to 'RELEASE-NOTES') diff --git a/RELEASE-NOTES b/RELEASE-NOTES index e9872386d..97f6d79b3 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -78,6 +78,7 @@ This release includes the following bugfixes: o winssl: Fixed memory leak if connection was not successful o FTP: wait on both connections during active STOR state [21] o connect: treat a failed local bind of an interface as a non-fatal error [22] + o darwinssl: disable insecure ciphers by default This release includes the following known bugs: -- cgit v1.2.3