diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-03-22 13:39:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-19 08:16:02 +0200 |
commit | eff614fb0242cb37d33f89e2e74a93cef5203aed (patch) | |
tree | 0b17f5b8bd993f9b9140499bddd76dde9b9750b0 /lib/vtls/nss.c | |
parent | cf65d4237e097ace65e17580407ce56487823a47 (diff) | |
download | curl-eff614fb0242cb37d33f89e2e74a93cef5203aed.tar.gz |
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.
Closes #6773
Diffstat (limited to 'lib/vtls/nss.c')
-rw-r--r-- | lib/vtls/nss.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index a9f6959e3..9be3979c0 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1699,8 +1699,7 @@ static CURLcode nss_sslver_from_curl(PRUint16 *nssver, long version) return CURLE_OK; case CURL_SSLVERSION_SSLv3: - *nssver = SSL_LIBRARY_VERSION_3_0; - return CURLE_OK; + return CURLE_NOT_BUILT_IN; case CURL_SSLVERSION_TLSv1_0: *nssver = SSL_LIBRARY_VERSION_TLS_1_0; |