projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b183df) | patch
OpenSSL: deselect weak ciphers by default
authorDaniel Stenberg <daniel@haxx.se>
Fri, 10 Jan 2014 23:05:19 +0000 (00:05 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 11 Jan 2014 23:14:01 +0000 (00:14 +0100)
commit3b5c75ef3d609584daef44ebbf2a592a966cbd6b
tree908853486ced794876df28a799fc151047cc68bftree | snapshot
parent3b183df9cc781b329ca409ded1ea336530624715commit | diff
OpenSSL: deselect weak ciphers by default

By default even recent versions of OpenSSL support and accept both
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
lib/vtls/openssl.c diff | blob | history
lib/vtls/openssl.h diff | blob | history
Domain: Network & Connectivity / Data Network;