From: Daniel Stenberg
Date: Fri, 16 Sep 2022 17:03:49 +0000 (+0200)
Subject: curl: warn for --ssl use, considered insecure
X-Git-Tag: curl-7_86_0~220
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79e404d039008c428116e12f4f20e5f27ec003d6;p=thirdparty%2Fcurl.git
curl: warn for --ssl use, considered insecure
Closes #9519
---
diff --git a/docs/cmdline-opts/ssl.d b/docs/cmdline-opts/ssl.d
index e9f23a3852..b46c1eaba3 100644
--- a/docs/cmdline-opts/ssl.d
+++ b/docs/cmdline-opts/ssl.d
@@ -6,8 +6,11 @@ Protocols: FTP IMAP POP3 SMTP LDAP
 Added: 7.20.0
 Category: tls
 Example: --ssl pop3://example.com/
-See-also: insecure ciphers
+See-also: ssl-reqd insecure ciphers
 ---
+Warning: this is considered an insecure option. Consider using --ssl-reqd
+instead to be sure curl upgrades to a secure connection.
+
 Try to use SSL/TLS for the connection. Reverts to a non-secure connection if the server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for different levels of encryption required.
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 6b1e1d0a74..351b07ad11 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1007,6 +1007,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 if(toggle && !(curlinfo->features & CURL_VERSION_SSL))
 return PARAM_LIBCURL_DOESNT_SUPPORT;
 config->ftp_ssl = toggle;
+ if(config->ftp_ssl)
+ warnf(global,
+ "--ssl is an insecure option, consider --ssl-reqd instead\n");
 break;
 case 'b': /* --ftp-pasv */
 Curl_safefree(config->ftpport);
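Review bot: The warning added after `config->ftp_ssl = toggle;` is advisory only, so a transfer started with --ssl still continues in cleartext when the server does not offer TLS (the behaviour the ssl.d text in this commit describes), and a network path that hides the server's TLS offer gets that fallback silently. The message also does not say why the option is insecure; wording such as `"--ssl allows fallback to an unencrypted connection, consider --ssl-reqd instead\n"` names the actual risk. A short comment above the check would help the next reader, for example `/* --ssl is opportunistic: no TLS offered means cleartext, hence the warning */`. If warnf() output is suppressed in silent mode (not visible in this hunk), scripted callers never see the message and the documentation warning is the only signal they get. The enclosing `case` in getparameter() starts above the hunk.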