From: Jay Satiro <raysatiro@yahoo.com>
Date: Fri, 24 Oct 2014 18:26:57 +0000 (-0400)
Subject: SSL: PolarSSL default min SSL version TLS 1.0
X-Git-Tag: curl-7_39_0~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e819c3a4ca1bff543f38b9504536ba5fa5013235;p=thirdparty%2Fcurl.git

SSL: PolarSSL default min SSL version TLS 1.0

- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
---

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5332b92ca7..a9ea1e528a 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -287,6 +287,11 @@ polarssl_connect_step1(struct connectdata *conn,
   }
 
   switch(data->set.ssl.version) {
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_1);
+    break;
   case CURL_SSLVERSION_SSLv3:
     ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
                         SSL_MINOR_VERSION_0);