cURL / Mailing Lists / curl-users / Single Mail

curl-users

[PATCH] Document weaknesses in SSLv2 and SSLv3

From: Daniel Kahn Gillmor <dkg_at_fifthhorseman.net>
Date: Sat, 15 Aug 2015 10:33:59 +0200

Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why
it's insecure.

---
 docs/curl.1 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/curl.1 b/docs/curl.1
index cf37d63..dd17f55 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -171,10 +171,11 @@ a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
-considered insecure.
+considered insecure (see RFC 6176).
 .IP "-3, --sslv3"
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
-server. Sometimes curl is built without SSLv3 support.
+server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
+considered insecure (see RFC 7568).
 .IP "-4, --ipv4"
 This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.
-- 
2.5.0
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2015-08-15

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [PATCH] Document weaknesses in SSLv2 and SSLv3"
Previous message: Daniel Stenberg: "[RELEASE] curl and libcurl 7.44.0"
Next in thread: Daniel Stenberg: "Re: [PATCH] Document weaknesses in SSLv2 and SSLv3"
Reply: Daniel Stenberg: "Re: [PATCH] Document weaknesses in SSLv2 and SSLv3"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]