So I heard recently that SSL Labs has a new TLS/SSL client test available: <https://www.ssllabs.com/ssltest/viewMyClient.html>
I already ran my code through it, and it detected support for a NULL cipher-suite I forgot to block out. Oops. I fixed that and pushed the change yesterday. I also tried running it with two other SSL back-ends - Schannel (Windows 7) and OpenSSL (0.9.8). The Schannel back-end showed no weak or insecure cipher-suites (good) but didn't support TLS 1.2 (I thought it did?). Meanwhile, the OpenSSL back-end advertised support for a number of weak suites with only 40- and 56-bit keys. Shouldn't we be blocking those by default? Nick Zitzmann <http://www.chronosnet.com/> ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
