X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=docs%2FSSL-PROBLEMS;h=7ee4d14ee3a73a655f19a6ce946b1a83cc11fd70;hb=7a9f915fa6be8c8955ff2c59169538a4d0349080;hp=45faa241c5d8391240dd300ffa0d6b76c1f20752;hpb=2bc9d6bb53df44a0c5174767de734620c2cdfd9e;p=platform%2Fupstream%2Fcurl.git

diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS
index 45faa24..7ee4d14 100644
--- a/docs/SSL-PROBLEMS
+++ b/docs/SSL-PROBLEMS
@@ -26,7 +26,7 @@ CA bundle missing intermediate certificates
   problems if your CA cert does not have the certificates for the
   intermediates in the whole trust chain.
 
-Protocol version
+SSL version
 
   Some broken servers fail to support the protocol negotiation properly that
   SSL servers are supposed to handle. This may cause the connection to fail
@@ -36,9 +36,7 @@ Protocol version
   An additional complication can be that modern SSL libraries sometimes are
   built with support for older SSL and TLS versions disabled!
 
-  All versions of SSL are considered insecure and should be avoided. Use TLS.
-
-Ciphers
+SSL ciphers
 
   Clients give servers a list of ciphers to select from. If the list doesn't
   include any ciphers the server wants/can use, the connection handshake
@@ -53,13 +51,9 @@ Ciphers
   Note that these weak ciphers are identified as flawed. For example, this
   includes symmetric ciphers with less than 128 bit keys and RC4.
 
-  WinSSL in Windows XP is not able to connect to servers that no longer
-  support the legacy handshakes and algorithms used by those versions, so we
-  advice against building curl to use WinSSL on really old Windows versions.
-
   References:
 
-  https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
+  http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
   
 Allow BEAST
 
@@ -71,17 +65,3 @@ Allow BEAST
   introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
   but on the other hand it allows curl to connect to that kind of strange
   servers.
-
-Disabling certificate revocation checks
-
-  Some SSL backends may do certificate revocation checks (CRL, OCSP, etc)
-  depending on the OS or build configuration. The --ssl-no-revoke option was
-  introduced in 7.44.0 to disable revocation checking but currently is only
-  supported for WinSSL (the native Windows SSL library), with an exception in
-  the case of Windows' Untrusted Publishers blacklist which it seems can't be
-  bypassed. This option may have broader support to accommodate other SSL
-  backends in the future.
-
-  References:
-
-  http://curl.haxx.se/docs/ssl-compared.html