SSL: PolarSSL default min SSL version TLS 1.0

- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5332b92ca750ca3494d07abfd606aaaaff89652b..a9ea1e528a661ecf03533b783e23b607bb1edd54 100644 (file)
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -287,6 +287,11 @@ polarssl_connect_step1(struct connectdata *conn,
   }
 
   switch(data->set.ssl.version) {
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_1);
+    break;
   case CURL_SSLVERSION_SSLv3:
     ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
                         SSL_MINOR_VERSION_0);