curl-library

Re: how to enable SSLv3 in libcurl 7.39

From: Ray Satiro <raysatiro_at_yahoo.com>
Date: Sun, 11 Jan 2015 00:30:32 -0500

On 1/2/2015 12:42 PM, Ray Satiro wrote:
> On 1/2/2015 3:46 AM, Dan Fandrich wrote:
>> Also, a big no-no: this patch seems to enable SSLv2 for the Cyassl
>> back-end when the new option is used.
>
> Well, no, it shouldn't do that. CyaSSL has logic very similar to
> OpenSSL in that the protocol versions are set some time after the
> object has been created. In the patch you'll see that after the handle
> is created I set the minimum protocol version to SSLv3 if the CyaSSL
> version is >= 3.3.0, since SSLv3 is disabled by default >= 3.3.0. If
> the CyaSSL version is <3.3.0 then SSLv3 is enabled by default, I
> thought... I also thought SSLv2 was not enabled for
> SSLv23_client_method... but I will follow up with the CyaSSL team to
> make sure we're covered in all use cases.

I spoke with a developer at wolfSSL (makes CyaSSL) and he told me that
SSLv2 was never supported in any version [1].

[1]: http://www.yassl.com/forums/post1870.html#p1870

Received on 2015-01-11