author | Daniel Stenberg <daniel@haxx.se> | 2021-03-22 13:39:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-19 08:16:02 +0200 |
commit | eff614fb0242cb37d33f89e2e74a93cef5203aed (patch) | |
tree | 0b17f5b8bd993f9b9140499bddd76dde9b9750b0 /lib/vtls/schannel.c | |
parent | cf65d4237e097ace65e17580407ce56487823a47 (diff) | |
download | curl-eff614fb0242cb37d33f89e2e74a93cef5203aed.tar.gz |
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.
Closes #6773
Diffstat (limited to 'lib/vtls/schannel.c')
-rw-r--r-- | lib/vtls/schannel.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 961a71f6d..7043da3d6 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -572,11 +572,9 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, break; } case CURL_SSLVERSION_SSLv3: - schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT; - break; case CURL_SSLVERSION_SSLv2: - schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT; - break; + failf(data, "SSL versions not supported"); + return CURLE_NOT_BUILT_IN; default: failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); return CURLE_SSL_CONNECT_ERROR; |
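Review bot: The failf() text in the merged CURL_SSLVERSION_SSLv3 / CURL_SSLVERSION_SSLv2 case, "SSL versions not supported", does not say which versions were refused, and a user who reads "SSL" as a synonym for TLS could take it to mean the backend has no TLS support at all; wording such as "SSLv2 and SSLv3 are not supported" would be unambiguous in logs. The commit message says these values are now refused in curl_easy_setopt(), so this branch in schannel_connect_step1() should not be reached in normal use; a one-line comment stating that it is kept as a defensive check would explain why the case labels remain. The branch returns CURLE_NOT_BUILT_IN while the default case directly below returns CURLE_SSL_CONNECT_ERROR, so it is worth confirming that the difference is intentional and that the code matches what the setopt path returns for the same input.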