Re: weak cipher suites with OpenSSL, SecureTransport and... ?
Date: Thu, 6 Feb 2014 00:52:37 -0800
On Jan 30, 2014, at 1:21 PM, Fabian Frank <fabian.frank.de_at_gmail.com> wrote:
> I agree with your assessment that the priority order should be
> TLS1.2 -> TLS 1.1 -> TLS 1.0 -> SSL v3
I happened to touch nss.c today, so I used the chance and do a quick check against https://www.howsmyssl.com/a/check. There were no insecure ciphers, but curl still preferred TLS 1.0 over 1.1 or 1.2. I created a patch to change this and default to the highest TLS version supported by NSS. Please find the patch attached.
- application/octet-stream attachment: 0001-nss-prefer-highest-available-TLS-version.patch