From: Fabian Frank <fabian@pagefault.de>
Date: Thu, 6 Feb 2014 08:41:53 +0000 (-0800)
Subject: nss: prefer highest available TLS version
X-Git-Tag: curl-7_36_0~206
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ff92fcfb907b6aa69bc7e35670797fc0440756bd;p=curl

nss: prefer highest available TLS version

Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
---

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0d5f740d8..1c5ff4f3e 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1193,8 +1193,9 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
     if(data->state.ssl_connect_retry) {
       infof(data, "TLS disabled due to previous handshake failure\n");
       sslver->max = SSL_LIBRARY_VERSION_3_0;
+      return CURLE_OK;
     }
-    return CURLE_OK;
+  /* intentional fall-through to default to highest TLS version if possible */
 
   case CURL_SSLVERSION_TLSv1:
     sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;