diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-03-22 13:39:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-19 08:16:02 +0200 |
commit | eff614fb0242cb37d33f89e2e74a93cef5203aed (patch) | |
tree | 0b17f5b8bd993f9b9140499bddd76dde9b9750b0 /docs/libcurl/opts | |
parent | cf65d4237e097ace65e17580407ce56487823a47 (diff) | |
download | curl-eff614fb0242cb37d33f89e2e74a93cef5203aed.tar.gz |
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.
Closes #6773
Diffstat (limited to 'docs/libcurl/opts')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 index 8cfcdbe7f..2841c160b 100644 --- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2019, 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -43,9 +43,9 @@ default TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule). .IP CURL_SSLVERSION_TLSv1 TLS v1.0 or later .IP CURL_SSLVERSION_SSLv2 -SSL v2 (but not SSLv3) +SSL v2 - refused .IP CURL_SSLVERSION_SSLv3 -SSL v3 (but not SSLv2) +SSL v3 - refused .IP CURL_SSLVERSION_TLSv1_0 TLS v1.0 or later (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_1 @@ -102,6 +102,8 @@ if(curl) { } .fi .SH AVAILABILITY +SSLv2 and SSLv3 are refused completely since curl 7.77.0 + SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may vary depending on which backend libcurl has been built to use. |