On Wednesday 12 March 2014 04:52:09 Fabian Frank wrote: > On Mon, Mar 10, 2014 at 5:44 AM, Kamil Dudka <[email protected]> wrote: > > ... but allow them to be enabled/disabled explicitly. The default > > policy should be maintained at the NSS level. > > Would you mind sharing your reasoning for why you want to enable/disable > certain suites?
The patch actually does not change the default behavior with up2date version of NSS. I just wanted to make sure that we will not override the NSS default if it changes later on. It does not make any sense to maintain the default policy at libcurl level. >From now own, if we wanted to change the list of cipher-suites enabled by default, we would patch NSS itself, because libcurl's use of NSS does not really differ from what other NSS clients do. > Have you tested the resulting settings against > https://www.howsmyssl.com/s/api.html? I have tested it now. The patch did not make any difference. Kamil ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
