On Sun, Oct 22, 2023 at 7:06 PM Philipp Gühring via curl-library <curl-library@lists.haxx.se> wrote:
> Hi,
>
> I am the maintainer of hddsuperclone, which uses the curl library.
> At the moment it is initializing the curl library like this:
> curl = curl_easy_init();
> But a security audit suggested that we should be using
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> to avoid downgrade attacks.
>

All Linux distributions ship with some form of global crypto policy tooling nowadays. Enforce it at *THAT LEVEL*, not at your current app source code. Most products have crypto-policies(7) included. BSDs also have something similar.

You could change your app, yeah, but it is like plugging a tiny hole in a sinking boat with a piece of gum. Don't.