Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: curl library api secure mode
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Cristian Rodríguez via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 23 Oct 2023 07:46:27 -0300
On Sun, Oct 22, 2023 at 7:06 PM Philipp Gühring via curl-library <
curl-library_at_lists.haxx.se> wrote:
> Hi,
>
> I am the maintainer of hddsuperclone, which uses the curl library.
> At the moment it is initializing the curl library like this:
> curl = curl_easy_init();
> But a security audit suggested that we should be using
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> to avoid downgrade attacks.
>
All Linux distributions ship with some form of global crypto policy tooling
nowadays. enforce it at *THAT LEVEL* not at your current app source code.
most products have crypto-policies(7) included. BSDs also have something
similar.
You could change your app yeah. but it is like plugging a tiny hole in a
sinking boat with a piece of gum. don't.
Date: Mon, 23 Oct 2023 07:46:27 -0300
On Sun, Oct 22, 2023 at 7:06 PM Philipp Gühring via curl-library <
curl-library_at_lists.haxx.se> wrote:
> Hi,
>
> I am the maintainer of hddsuperclone, which uses the curl library.
> At the moment it is initializing the curl library like this:
> curl = curl_easy_init();
> But a security audit suggested that we should be using
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> to avoid downgrade attacks.
>
All Linux distributions ship with some form of global crypto policy tooling
nowadays. enforce it at *THAT LEVEL* not at your current app source code.
most products have crypto-policies(7) included. BSDs also have something
similar.
You could change your app yeah. but it is like plugging a tiny hole in a
sinking boat with a piece of gum. don't.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-10-23