RELEASE-NOTES +1 −0 @@ -35,6 +35,7 @@ This release includes the following bugfixes: o getinfo: HTTP CONNECT code not reset between transfers [8] o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set o nss: do not abort on connection failure (failing tests 305 and 404) o nss: make the fallback to SSLv3 work again o This release includes the following known bugs:
lib/vtls/nss.c +3 −3 @@ -1315,6 +1315,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, switch (data->set.ssl.version) { default: case CURL_SSLVERSION_DEFAULT: sslver->min = SSL_LIBRARY_VERSION_3_0; if(data->state.ssl_connect_retry) { infof(data, "TLS disabled due to previous handshake failure\n"); sslver->max = SSL_LIBRARY_VERSION_3_0; @@ -1323,7 +1324,6 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, /* intentional fall-through to default to highest TLS version if possible */ case CURL_SSLVERSION_TLSv1: sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; #ifdef SSL_LIBRARY_VERSION_TLS_1_2 sslver->max = SSL_LIBRARY_VERSION_TLS_1_2; #elif defined SSL_LIBRARY_VERSION_TLS_1_1 @@ -1399,7 +1399,7 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, if(connssl->handle && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess) && (sslver.min == SSL_LIBRARY_VERSION_3_0) && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0) && (sslver.max != SSL_LIBRARY_VERSION_3_0) && isTLSIntoleranceError(err)) { /* schedule reconnect through Curl_retry_request() */ data->state.ssl_connect_retry = TRUE; @@ -1437,7 +1437,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) CURLcode curlerr; SSLVersionRange sslver = { SSL_LIBRARY_VERSION_3_0, /* min */ SSL_LIBRARY_VERSION_TLS_1_0, /* min */ SSL_LIBRARY_VERSION_TLS_1_0 /* max */ };
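Review bot: The retry test in nss_fail_connect (`sslver.min == SSL_LIBRARY_VERSION_3_0` together with `sslver.max != SSL_LIBRARY_VERSION_3_0`) rests only on `isTLSIntoleranceError(err)`, and a handshake failure is not authenticated, so anything on the network path that breaks the first handshake can move the connection to the SSL 3.0-only retry set up in nss_init_sslver. Assuming the second line of each printed pair is the new side, this now covers every `CURL_SSLVERSION_DEFAULT` connection regardless of the TLS maximum that was offered. I would state that trade-off at the retry, e.g. `/* SSLv3 retry is triggered by an unauthenticated error; only reachable with CURL_SSLVERSION_DEFAULT */`, and make the `infof()` message name the protocol actually being retried so the downgrade shows up in verbose logs. The `CURL_SSLVERSION_TLSv1` case also appears to rely now on the `min` supplied by the initializer in nss_setup_connect, which deserves a one-line comment at that case; all three functions continue outside the hunks shown.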