curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl library api secure mode

From: Cristian Rodríguez via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 23 Oct 2023 07:46:27 -0300

On Sun, Oct 22, 2023 at 7:06 PM Philipp Gühring via curl-library <
curl-library_at_lists.haxx.se> wrote:

> Hi,
>
> I am the maintainer of hddsuperclone, which uses the curl library.
> At the moment it is initializing the curl library like this:
> curl = curl_easy_init();
> But a security audit suggested that we should be using
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> to avoid downgrade attacks.
>


All Linux distributions ship with some form of global crypto policy tooling
nowadays. enforce it at *THAT LEVEL* not at your current app source code.
most products have crypto-policies(7) included. BSDs also have something
similar.

You could change your app yeah. but it is like plugging a tiny hole in a
sinking boat with a piece of gum. don't.


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-10-23