cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: weak cipher suites with OpenSSL, SecureTransport and... ?

From: Marc Hörsken <info_at_marc-hoersken.de>
Date: Sat, 25 Jan 2014 21:49:08 +0100

Am 20.01.2014 11:23, schrieb Daniel Stenberg:
> You know of any downsides with this approach? Like for TLS1.0 only or
> SSLv3 only sites?

Actually there seems to be no difference for those sites. Without this
patch SChannel on Windows 7 will try to connect using TLSv1.0 first and
won't be able to connect to a SSLv3 site since TLSv1 does not support
downgrading to SSLv3. This means that the patch basically enables
TLSv1.1 and TLSv1.2 on top of TLSv1.0 and does not have any affect with
regards to SSLv3 which needs to be explicitly enabled using --sslv3.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-25