On Jan 30, 2014, at 1:21 PM, Fabian Frank <[email protected]> wrote:
> I agree with your assessment that the priority order should be > TLS1.2 -> TLS 1.1 -> TLS 1.0 -> SSL v3 I happened to touch nss.c today, so I used the chance and do a quick check against https://www.howsmyssl.com/a/check. There were no insecure ciphers, but curl still preferred TLS 1.0 over 1.1 or 1.2. I created a patch to change this and default to the highest TLS version supported by NSS. Please find the patch attached. Regards, Fabian
0001-nss-prefer-highest-available-TLS-version.patch
Description: Binary data
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
