You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.3 KiB
42 lines
1.3 KiB
From ebe7a9186469a5901a91469d107851abfdaa3993 Mon Sep 17 00:00:00 2001 |
|
From: Kamil Dudka <kdudka@redhat.com> |
|
Date: Tue, 5 May 2015 18:59:59 +0200 |
|
Subject: [PATCH] nss: use the default min/max TLS version provided by NSS |
|
|
|
--- |
|
lib/nss.c | 12 +++++++----- |
|
1 file changed, 7 insertions(+), 5 deletions(-) |
|
|
|
diff --git a/lib/nss.c b/lib/nss.c |
|
index 0691394..6b7c309 100644 |
|
--- a/lib/nss.c |
|
+++ b/lib/nss.c |
|
@@ -1206,7 +1206,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, |
|
switch (data->set.ssl.version) { |
|
default: |
|
case CURL_SSLVERSION_DEFAULT: |
|
- return CURLE_OK; |
|
+ break; |
|
|
|
case CURL_SSLVERSION_TLSv1: |
|
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; |
|
@@ -1368,10 +1368,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) |
|
goto error; |
|
|
|
/* enable/disable the requested SSL version(s) */ |
|
- if(nss_init_sslver(&sslver, data) != CURLE_OK) |
|
- goto error; |
|
- if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) |
|
- goto error; |
|
+ if(data->set.ssl.version != CURL_SSLVERSION_DEFAULT) { |
|
+ if(nss_init_sslver(&sslver, data) != CURLE_OK) |
|
+ goto error; |
|
+ if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) |
|
+ goto error; |
|
+ } |
|
|
|
ssl_cbc_random_iv = !data->set.ssl_enable_beast; |
|
#ifdef SSL_CBC_RANDOM_IV |
|
-- |
|
2.4.0 |
|
|
|
|