From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 15 Aug 2015 08:33:59 +0000 (+0200)
Subject: curl.1: Document weaknesses in SSLv2 and SSLv3
X-Git-Tag: curl-7_45_0~129
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=31673ff517e474cd0d8472d049dafa1a6d4ef154;p=curl

curl.1: Document weaknesses in SSLv2 and SSLv3

Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why it's
insecure.
---

diff --git a/docs/curl.1 b/docs/curl.1
index cf37d63c9..dd17f5512 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -171,10 +171,11 @@ a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
-considered insecure.
+considered insecure (see RFC 6176).
 .IP "-3, --sslv3"
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
-server. Sometimes curl is built without SSLv3 support.
+server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
+considered insecure (see RFC 7568).
 .IP "-4, --ipv4"
 This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.