generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

darwinssl: disable insecure ciphers by default

Browse Source 
I noticed that aria2's SecureTransport code disables insecure ciphers such
as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
That's a good idea, and now we do the same thing in order to prevent curl
from accessing a "secure" site that only negotiates insecure ciphersuites.
This commit is contained in:
Nick Zitzmann
2013-04-08 17:07:20 -06:00
parent 29fdb2700f
commit d7f4c3772e
2 changed files with 83 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@@ -78,6 +78,7 @@ This release includes the following bugfixes:
o winssl: Fixed memory leak if connection was not successful
o FTP: wait on both connections during active STOR state [21]
o connect: treat a failed local bind of an interface as a non-fatal error [22]
o darwinssl: disable insecure ciphers by default
This release includes the following known bugs: