Mailing Lists

curl-tracker Archives

[curl:bugs] #1434 disable SSLv3 per default

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Mon, 20 Oct 2014 13:54:18 +0000

- **status**: open --> closed-invalid
- **assigned_to**: Daniel Stenberg
- **Comment**:

Sure, that might be a good idea but this is a bug tracker and SSLv3 is still not a bug...

This is already discussed on the curl-library mailing list.

---
** [bugs:#1434] disable SSLv3 per default**
**Status:** closed-invalid
**Created:** Thu Oct 16, 2014 11:54 AM UTC by Cálestyo
**Last Updated:** Thu Oct 16, 2014 11:54 AM UTC
**Owner:** Daniel Stenberg
Hi.

In the light of the recently published attacks against SSLv3 I think it would be appropriate to disable at least SSLv3 from being ever used per default in any place of curl/libcurl.

Only if -3, --sslv3 is explicitly given, SSLv3 should be used.

The same apply analogously to SSLv2 (if not already the case)

Thanks,
Chris.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2014-10-20

This message: [ Message body ]
Next message: Monty Brandenberg: "[curl:bugs] #1420 Pipelining + client-side timeouts lead to loss of synchronization with response stream and incorrect data delivery"
Previous message: Daniel Stenberg: "[curl:bugs] #1435 Bug: ipv6 address resolving problems of curl 7.19.7"
In reply to: Cálestyo: "[curl:bugs] #1434 disable SSLv3 per default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.