curl-library

Re: how to enable SSLv3 in libcurl 7.39

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Fri, 2 Jan 2015 09:46:46 +0100

On Fri, Jan 02, 2015 at 02:45:32AM -0500, Ray Satiro wrote:
> CURL_SSLVERSION_SSLv3 is exclusively SSLv3 [1]. There is no longer a define for
> SSLv3 or later. The default is now TLS 1.0 or later. I have attached a patch
> that adds legacy support for CURL_SSLVERSION_SSLv3_OR_LATER to all backends; I
> wonder if it's useful in your situation or anyone's?

I noticed some semantic differences between some of the back-ends with this
patch. For example, in axTLS and OpenSSL, if SSL3 cannot be set due to the
back-end version or configuration, there is no error returned. There is also
another difference I noted (unrelated to your patch), namely that for some
back-ends some of the existing CURL_SSLVERSION_* options select not just one
specific SSL version but rather set the given version as a minimum instead.
This should be at minimum documented in the man page.

Also, a big no-no: this patch seems to enable SSLv2 for the Cyassl
back-end when the new option is used.

>>> Dan
Received on 2015-01-02