nss: make the fallback to SSLv3 work again
authorKamil Dudka <kdudka@redhat.com>
Wed, 2 Jul 2014 15:49:37 +0000 (17:49 +0200)
committerKamil Dudka <kdudka@redhat.com>
Wed, 2 Jul 2014 16:11:05 +0000 (18:11 +0200)
This feature was unintentionally disabled by commit ff92fcfb.

RELEASE-NOTES
lib/vtls/nss.c

index cb481a2..66b4306 100644 (file)
@@ -35,6 +35,7 @@ This release includes the following bugfixes:
  o getinfo: HTTP CONNECT code not reset between transfers [8]
  o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
  o nss: do not abort on connection failure (failing tests 305 and 404)
+ o nss: make the fallback to SSLv3 work again
  o 
 
 This release includes the following known bugs:
index 1e41795..3613b40 100644 (file)
@@ -1315,6 +1315,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
   switch (data->set.ssl.version) {
   default:
   case CURL_SSLVERSION_DEFAULT:
+    sslver->min = SSL_LIBRARY_VERSION_3_0;
     if(data->state.ssl_connect_retry) {
       infof(data, "TLS disabled due to previous handshake failure\n");
       sslver->max = SSL_LIBRARY_VERSION_3_0;
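Review bot: The unconditional `sslver->min = SSL_LIBRARY_VERSION_3_0;` added at the top of the CURL_SSLVERSION_DEFAULT case lowers the floor of the first handshake, not only of the retry the title describes, so a server that negotiates SSLv3 outright gets it on the initial attempt with no fallback ever being recorded. If SSLv3 is meant only as a last resort, the first attempt could keep the TLS 1.0 floor and the 3.0 floor could be applied alongside `sslver->max = SSL_LIBRARY_VERSION_3_0` inside the `ssl_connect_retry` branch; note, however, that nss_fail_connect() in this same patch keys its retry decision on `sslver.min == SSL_LIBRARY_VERSION_3_0`, so that marker and this assignment would have to change together. At minimum the coupling deserves a comment on the new line, e.g. `/* SSLv3 floor doubles as the "default range" marker that nss_fail_connect() checks before scheduling a retry */`. The switch statement continues past the end of this hunk.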
@@ -1323,7 +1324,6 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
   /* intentional fall-through to default to highest TLS version if possible */
 
   case CURL_SSLVERSION_TLSv1:
-    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
 #ifdef SSL_LIBRARY_VERSION_TLS_1_2
     sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
 #elif defined SSL_LIBRARY_VERSION_TLS_1_1
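Review bot: With `sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;` removed from the CURL_SSLVERSION_TLSv1 case, this function no longer enforces a floor for an explicit TLSv1 request; the floor is now whatever the caller initialised `sslver` with (the nss_setup_connect hunk in this patch sets it to TLS 1.0), so the two functions are coupled through an initializer that is easy to change independently. A comment on the case label would make the contract explicit, e.g. `/* min is inherited from the caller's initializer (TLS 1.0 in nss_setup_connect) */`. The enclosing switch starts before this hunk and its preprocessor chain continues past it.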
@@ -1399,7 +1399,7 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
   if(connssl->handle
       && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
       && (sslver.min == SSL_LIBRARY_VERSION_3_0)
-      && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
+      && (sslver.max != SSL_LIBRARY_VERSION_3_0)
       && isTLSIntoleranceError(err)) {
     /* schedule reconnect through Curl_retry_request() */
     data->state.ssl_connect_retry = TRUE;
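Review bot: The relaxed condition `sslver.max != SSL_LIBRARY_VERSION_3_0` schedules an SSLv3-only reconnect after any `isTLSIntoleranceError(err)` whenever the default range was in use, and the visible check does not verify that the failure came from the peer rather than from the network; if that predicate covers connection resets or truncated handshakes (not visible here), an active attacker who can break the first handshake can force a client that would have spoken TLS 1.2 down to SSLv3. Previously the retry only fired when `sslver.max == SSL_LIBRARY_VERSION_TLS_1_0`, so this widens the downgrade to every TLS version NSS offers. Consider restricting the retry to errors that carry a protocol-version alert from the server, and signalling the fallback to the peer where the NSS in use supports it, and in any case document the trade-off on the new line: `/* NOTE: any TLS-intolerance error downgrades the next attempt to SSLv3; a MITM that breaks the first handshake can trigger this */`. nss_fail_connect's body continues past this hunk.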
@@ -1437,7 +1437,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
   CURLcode curlerr;
 
   SSLVersionRange sslver = {
-    SSL_LIBRARY_VERSION_3_0,      /* min */
+    SSL_LIBRARY_VERSION_TLS_1_0,  /* min */
     SSL_LIBRARY_VERSION_TLS_1_0   /* max */
   };