Commit ff92fcfb authored by Fabian Frank's avatar Fabian Frank Committed by Daniel Stenberg
Browse files

nss: prefer highest available TLS version 

Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
parent 8d137728

lib/vtls/nss.c

+2 −1
Original line number Diff line number Diff line
@@ -1193,8 +1193,9 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, 
    if(data->state.ssl_connect_retry) {

      infof(data, "TLS disabled due to previous handshake failure\n");

      sslver->max = SSL_LIBRARY_VERSION_3_0;

    }

      return CURLE_OK;

    }

  /* intentional fall-through to default to highest TLS version if possible */



  case CURL_SSLVERSION_TLSv1:

    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;