cURL cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1434 disable SSLv3 per default

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Mon, 20 Oct 2014 13:54:18 +0000

- **status**: open --> closed-invalid
- **assigned_to**: Daniel Stenberg
- **Comment**:

Sure, that might be a good idea but this is a bug tracker and SSLv3 is still not a bug...

This is already discussed on the curl-library mailing list.

---
** [bugs:#1434] disable SSLv3 per default**
**Status:** closed-invalid
**Created:** Thu Oct 16, 2014 11:54 AM UTC by Cálestyo
**Last Updated:** Thu Oct 16, 2014 11:54 AM UTC
**Owner:** Daniel Stenberg
Hi.

In the light of the recently published attacks against SSLv3 I think it would be appropriate to disable at least SSLv3 from being ever used per default in any place of curl/libcurl.

Only if -3, --sslv3 is explicitly given, SSLv3 should be used.

The same apply analogously to SSLv2 (if not already the case)

Thanks,
Chris.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-10-20

These mail archives are generated by hypermail.