authorDaniel Stenberg <daniel@haxx.se>2021-03-22 13:39:37 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-04-19 08:16:02 +0200
commiteff614fb0242cb37d33f89e2e74a93cef5203aed (patch)
tree0b17f5b8bd993f9b9140499bddd76dde9b9750b0 /lib/vtls/schannel.c
parentcf65d4237e097ace65e17580407ce56487823a47 (diff)
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly) still support them, but from this change they will be refused already in curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for many years now. Closes #6773
Diffstat (limited to 'lib/vtls/schannel.c')
-rw-r--r--lib/vtls/schannel.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 961a71f6d..7043da3d6 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -572,11 +572,9 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
break;
}
case CURL_SSLVERSION_SSLv3:
- schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
- break;
case CURL_SSLVERSION_SSLv2:
- schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
- break;
+ failf(data, "SSL versions not supported");
+ return CURLE_NOT_BUILT_IN;
default:
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
return CURLE_SSL_CONNECT_ERROR;
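Review bot: The new failf text under the stacked `CURL_SSLVERSION_SSLv3` / `CURL_SSLVERSION_SSLv2` labels, `SSL versions not supported`, is ambiguous in a log: it can be read as "no SSL/TLS version is supported" instead of naming the two refused protocols. Consider `failf(data, "SSLv2 and SSLv3 are not supported");` so the failure is easy to tell apart from the `Unrecognized parameter` default branch. Since the commit description says these values are now refused in curl_easy_setopt(), this branch is presumably a backstop; a comment such as `/* SSLv2/SSLv3 are rejected at setopt time; kept so Schannel can never enable them */` above the two labels would keep a later cleanup from dropping it. The switch and schannel_connect_step1 both start and end outside this hunk, so whether any other path sets `grbitEnabledProtocols` to the SSL2/SSL3 bits cannot be confirmed from here.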