curl-library
Re: weak cipher suites with OpenSSL, SecureTransport and... ?
From: Fabian Frank <fabian.frank.de_at_gmail.com>
Date: Thu, 6 Feb 2014 00:52:37 -0800
Received on 2014-02-06
On Jan 30, 2014, at 1:21 PM, Fabian Frank <fabian.frank.de_at_gmail.com> wrote:
> I agree with your assessment that the priority order should be
> TLS 1.2 -> TLS 1.1 -> TLS 1.0 -> SSL v3
I happened to touch nss.c today, so I used the chance and did a quick check against https://www.howsmyssl.com/a/check. There were no insecure ciphers, but curl still preferred TLS 1.0 over 1.1 or 1.2. I created a patch to change this and default to the highest TLS version supported by NSS. Please find the patch attached.
Regards,
Fabian
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/octet-stream attachment: 0001-nss-prefer-highest-available-TLS-version.patch