generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gskit.c: remove SSLv3 from SSL default.

Browse Source
This commit is contained in:
Patrick Monnerat
2014-10-24 16:08:21 +02:00
parent 897ef500e5
commit 3ca560439c
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/vtls/gskit.c
View File

@@ -134,8 +134,12 @@ static const gskit_cipher ciphertable[] = {
CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
CURL_GSKPROTO_TLSV12_MASK }, CURL_GSKPROTO_TLSV12_MASK },
{ "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK }, { "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK },
{ "aes128-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, { "aes128-sha256", "3C", CURL_GSKPROTO_TLSV12_MASK },
{ "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, { "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK },
{ "aes128-gcm-sha256",
"9C", CURL_GSKPROTO_TLSV12_MASK },
{ "aes256-gcm-sha384",
"9D", CURL_GSKPROTO_TLSV12_MASK },
{ "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK }, { "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK },
{ "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK }, { "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK },
{ "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK }, { "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK },
@@ -612,8 +616,8 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
return result; return result;
/* Determine which SSL/TLS version should be enabled. */ /* Determine which SSL/TLS version should be enabled. */
protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK | protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK; CURL_GSKPROTO_TLSV12_MASK;
sni = conn->host.name; sni = conn->host.name;
switch (data->set.ssl.version) { switch (data->set.ssl.version) {
case CURL_SSLVERSION_SSLv2: case CURL_SSLVERSION_SSLv2: