cURL / Mailing Lists / curl-library / Single Mail

curl-library

FYI - New SSL client test

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Thu, 3 Oct 2013 21:51:02 -0500

So I heard recently that SSL Labs has a new TLS/SSL client test available: <https://www.ssllabs.com/ssltest/viewMyClient.html>

I already ran my code through it, and it detected support for a NULL cipher-suite I forgot to block out. Oops. I fixed that and pushed the change yesterday.

I also tried running it with two other SSL back-ends - Schannel (Windows 7) and OpenSSL (0.9.8). The Schannel back-end showed no weak or insecure cipher-suites (good) but didn't support TLS 1.2 (I thought it did?). Meanwhile, the OpenSSL back-end advertised support for a number of weak suites with only 40- and 56-bit keys. Shouldn't we be blocking those by default?

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-04

This message: [ Message body ]
Next message: Nick Zitzmann: "Re: Could the iOS libcurl support CURLOPT_SSLCERT from disk file"
Previous message: Arunav Sanyal: "RE: PATCH: Curl Sanity patch for spnego authentication"
Next in thread: Daniel Stenberg: "Re: FYI - New SSL client test"
Reply: Daniel Stenberg: "Re: FYI - New SSL client test"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]