cURL / Mailing Lists / curl-library / Single Mail


Re: curl 7.19.5 with GnuTLS/2.8.3 fails SSL (AES256-SHA) unless SSLv3 explicitly set

From: Kamil Dudka <>
Date: Mon, 21 Jun 2010 00:24:06 +0200

On Sunday 20 of June 2010 23:56:12 Octavius Gracchus wrote:
> suggested fix: if linked with GnuTLS, activate SSLv3 automatically.

So you hit a broken server and setting the SSL version back to SSLv3
solved _your_ problem. But that's not reason for us to use SSLv3 by
default. Generally TLSv1 is preferred over the previous versions of
SSL because it's more secure etc.

You may consider using libcurl over NSS as there is implemented
an automatic fallback to SSLv3 if the handshake fails with certain
errors. But again, that's only a workaround for broken _servers_.

List admin:
Received on 2010-06-21