curl: ignore options asking for SSLv2 or SSLv3

Instead output a warning about it and continue with the defaults. These SSL versions are typically not supported by the TLS libraries since a long time back already since they are inherently insecure and broken. Asking for them to be used will just cause an error to be returned slightly later. In the unlikely event that a user's TLS library actually still supports these protocol versions, this change might make the request a little less insecure. Closes #6772
author: Daniel Stenberg <daniel@haxx.se> 2021-03-22 11:55:27 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2021-04-19 08:14:05 +0200
commit: cf65d4237e097ace65e17580407ce56487823a47 (patch)
tree: a1734aa63d90e36578ac69183f22da4258e9c8cc /src
parent: 6fc805d0c1f82363836f1c6199cebdd3c41cbc5b (diff)
download: curl-cf65d4237e097ace65e17580407ce56487823a47.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 5de9b0a04..ad89ea312 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1306,11 +1306,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       break;
     case '2':
       /* SSL version 2 */
-      config->ssl_version = CURL_SSLVERSION_SSLv2;
+      warnf(global, "Ignores instruction to use SSLv2\n");
       break;
     case '3':
       /* SSL version 3 */
-      config->ssl_version = CURL_SSLVERSION_SSLv3;
+      warnf(global, "Ignores instruction to use SSLv3\n");
       break;
     case '4':
       /* IPv4 */
author	Daniel Stenberg <daniel@haxx.se>	2021-03-22 11:55:27 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2021-04-19 08:14:05 +0200
commit	cf65d4237e097ace65e17580407ce56487823a47 (patch)
tree	a1734aa63d90e36578ac69183f22da4258e9c8cc /src
parent	6fc805d0c1f82363836f1c6199cebdd3c41cbc5b (diff)
download	curl-cf65d4237e097ace65e17580407ce56487823a47.tar.gz