curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl library api secure mode

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Cristian Rodríguez via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 23 Oct 2023 07:46:27 -0300

On Sun, Oct 22, 2023 at 7:06 PM Philipp Gühring via curl-library <
curl-library_at_lists.haxx.se> wrote:

> Hi,
>
> I am the maintainer of hddsuperclone, which uses the curl library.
> At the moment it is initializing the curl library like this:
> curl = curl_easy_init();
> But a security audit suggested that we should be using
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> to avoid downgrade attacks.
>

All Linux distributions ship with some form of global crypto policy tooling
nowadays. enforce it at *THAT LEVEL* not at your current app source code.
most products have crypto-policies(7) included. BSDs also have something
similar.

You could change your app yeah. but it is like plugging a tiny hole in a
sinking boat with a piece of gum. don't.

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2023-10-23

This message: [ Message body ]
Next message: Mark Gaiser via curl-library: "Re: Proposal: URL API extension, second setter function to allow setting from CURLU object"
Previous message: Stephen Farrell: "Re: Feature window: open"
In reply to: Philipp Gühring via curl-library: "curl library api secure mode"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]