cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: weak cipher suites with OpenSSL, SecureTransport and... ?

From: Fabian Frank <fabian.frank.de_at_gmail.com>
Date: Thu, 6 Feb 2014 00:52:37 -0800

On Jan 30, 2014, at 1:21 PM, Fabian Frank <fabian.frank.de_at_gmail.com> wrote:

> I agree with your assessment that the priority order should be
> TLS1.2 -> TLS 1.1 -> TLS 1.0 -> SSL v3

I happened to touch nss.c today, so I used the chance and do a quick check against https://www.howsmyssl.com/a/check. There were no insecure ciphers, but curl still preferred TLS 1.0 over 1.1 or 1.2. I created a patch to change this and default to the highest TLS version supported by NSS. Please find the patch attached.

Regards,
Fabian

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-02-06