On Tuesday 19 November 2013 16:33:44 Kamil Dudka wrote:
> On Tuesday 19 November 2013 16:13:39 James Cloos wrote:
> > [Weird. The copy in my archives has the full body; I do not know why
> > there is no body on the mailing list. Here it is again. -JimC]
> >
> > Attempts to post this at https://sourceforge.net/p/curl/bugs/new/
> > failed silently, so I'm writing here.
> >
> > Testing shows that when linked to nss, even a modern version of nss
> > which can do TLS/1.1 and TLS/1.2, curl is unable to negotiate anything
> > more recent than TLS/1.0.
> >
> > 1.1 and 1.2 work fine with openssl and gnutls, and with other nss-using
> > apps.
> >
> > I'm not sure whether ad34a2d5c87 impacted this.
> >
> > I tested with nss-3.15.3.
> >
> > Note that this is not about trying to limit which tls version curl uses,
> > but rather about negotiating the latest version the server supports and
> > about negotiating with servers which only support 1.1 and/or 1.2.
> >
> > Feel free to use https://jhcloos.com/tls.php to test the first of those two
> > cases, but I currently lack a public TLS/1.2-only test-case to offer.
>
> This is a known issue:
>
> https://bugzilla.redhat.com/994599
>
> NSS does not enable TLS >= 1.0 by default. We need to patch libcurl to
> enable it explicitly. I will have a look at that.

I meant TLS > 1.0, of course.

> Kamil

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
