Re: [PATCH] openssl: make it possible to build without SSLv3

From: Alessandro Ghedini
Date: Mon, 10 Nov 2014 13:17:36 +0100

On Mon, Nov 10, 2014 at 03:13:21 -0500, Ray Satiro wrote:
> On 11/9/2014 4:36 PM, Guenter wrote:
> >Hi Ray,
> >On 08.11.2014 20:43, Ray Satiro wrote:
> >>I'm under the impression it's possible regardless. Following the changes
> >>to disable SSLv3 by default at one point I had tested against OpenSSL
> >>built with no-ssl3 and when I tried SSLv3 in curl I received an
> >>unsupported protocol error message. Maybe I forgot to recompile libcurl.
> >here's a probably related thread from the httpd view:
> >
> >
> I just tried OpenSSL 1.0.1j no-ssl3 and if I pass -3 to curl I still get an
> SSLv3 client hello and connection.

Yeah. The thing about no-ssl3 is that AFAICT, it only disables SSLv3 when
SSLv23_client_method() is used, but the SSLv3_* functions still work (which is
IMO wrong).

> Still doesn't explain what I saw with unsupported protocol

Not sure if this is the same situation as yours, but e.g.
doesn't support SSLv3, so when I tried "curl -3" it failed
with the error "sslv3 alert handshake failure". It took me a while to realize
that the error came from the server and not curl... :/


Received on 2014-11-10