openssl: allow TLS 1.3 by default

author Daniel Stenberg <daniel@haxx.se>

Thu, 28 Jun 2018 21:05:05 +0000 (23:05 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 29 Jun 2018 07:15:34 +0000 (09:15 +0200)
author Daniel Stenberg <daniel@haxx.se>
Thu, 28 Jun 2018 21:05:05 +0000 (23:05 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 29 Jun 2018 07:15:34 +0000 (09:15 +0200)
diff --git a/docs/cmdline-opts/tlsv1.d b/docs/cmdline-opts/tlsv1.d

index 9c9f6b3f560110f4eda16f37175485e9e81f0280..4cb40569734477fd2ad66e7f000d19db9de4e4a0 100644 (file)
--- a/docs/cmdline-opts/tlsv1.d
+++ b/docs/cmdline-opts/tlsv1.d
@@ -8,5 +8,5 @@ Requires: TLS
  See-also: http1.1 http2
  Help: Use TLSv1.0 or greater
  ---
-Tells curl to use TLS version 1.x when negotiating with a remote TLS
-server. That means TLS version 1.0, 1.1 or 1.2.
+Tells curl to use at least TLS version 1.x when negotiating with a remote TLS
+server. That means TLS version 1.0 or higher
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index 4731107f21600c34843daf04b59b2857e1a7b67e..225b4cbd1b89c88350fe83a9527ddf4f52c1ab19 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2130,12 +2130,12 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
  #endif
        /* FALLTHROUGH */
      case CURL_SSLVERSION_MAX_TLSv1_2:
-    case CURL_SSLVERSION_MAX_DEFAULT:
  #ifdef TLS1_3_VERSION
        *ctx_options |= SSL_OP_NO_TLSv1_3;
  #endif
        break;
      case CURL_SSLVERSION_MAX_TLSv1_3:
+    case CURL_SSLVERSION_MAX_DEFAULT:
  #ifdef TLS1_3_VERSION
        break;
  #else
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 28 Jun 2018 21:05:05 +0000 (23:05 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 29 Jun 2018 07:15:34 +0000 (09:15 +0200)
docs/cmdline-opts/tlsv1.d		patch \| blob \| history
lib/vtls/openssl.c		patch \| blob \| history