Thanks for your report. I've now pushed the change that changes the default list of ciphers as previously mentioned. Case closed!

---
** [bugs:#1323] remove export cipher suites from OpenSSL preference list**
**Status:** closed-fixed
**Labels:** SSL/TLS 
**Created:** Thu Jan 09, 2014 08:20 PM UTC by Jeff Hodges
**Last Updated:** Fri Jan 10, 2014 11:14 PM UTC
**Owner:** Daniel Stenberg
Curl, built against OpenSSL, currently includes export strength cipher suites in its TLS ClientHello. This is problematic because those cipher suites use only 40-bit keys making them easy to brute force. 128-bit keys are the current minimum recommended key size.
This was found by using the latest released curl (7.34.0) to query https://www.howsmyssl.com/a/check
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.