cURL / Mailing Lists / curl-library / Single Mail


Re: weak cipher suites with OpenSSL, SecureTransport and... ?

From: Fabian Frank <>
Date: Thu, 6 Feb 2014 00:52:37 -0800

On Jan 30, 2014, at 1:21 PM, Fabian Frank <> wrote:

> I agree with your assessment that the priority order should be
> TLS1.2 -> TLS 1.1 -> TLS 1.0 -> SSL v3

I happened to touch nss.c today, so I used the chance and do a quick check against There were no insecure ciphers, but curl still preferred TLS 1.0 over 1.1 or 1.2. I created a patch to change this and default to the highest TLS version supported by NSS. Please find the patch attached.


List admin:

Received on 2014-02-06