From da97f78ae0e3ab2cbcf76503c4a159da761d0f57 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 20 Jun 2008 11:15:54 +0000 Subject: [PATCH] - Phil Pellouchoud found a case where libcurl built with NSS failed to handshake with a SSLv2 server, and it turned out to be because it didn't recognize the cipher named "rc4-md5". In our list that cipher was named plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported that it made things work for him again. --- CHANGES | 6 ++++++ RELEASE-NOTES | 4 +++- lib/nss.c | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index edec496750..7c3c993114 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,12 @@ Changelog Daniel Stenberg (20 Jun 2008) +- Phil Pellouchoud found a case where libcurl built with NSS failed to + handshake with a SSLv2 server, and it turned out to be because it didn't + recognize the cipher named "rc4-md5". In our list that cipher was named + plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported + that it made things work for him again. + - Hans-Jurgen May pointed out that trying SCP or SFTP over a SOCKS proxy crashed libcurl. This is now addressed by making sure we use "plain send" internally when doing the socks handshake instead of the Curl_write() diff --git a/RELEASE-NOTES b/RELEASE-NOTES index e48fdb53e3..91f0934410 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -23,6 +23,7 @@ This release includes the following bugfixes: o connection re-use when using the multi interface with pipelining enabled o curl_multi_socket() socket callback fix for close/re-create sockets case o SCP or SFTP over socks proxy crashed + o RC4-MD5 cipher now works with NSS-built libcurl This release includes the following known bugs: @@ -40,6 +41,7 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Lenny Rachitsky, Axel Tillequin, Arnaud Ebalard, Yang Tse, Dan Fandrich, - Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jürgen May + Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May, + Phil Pellouchoud Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/nss.c b/lib/nss.c index 093f127cf9..07bb2edd0e 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -104,6 +104,7 @@ enum sslversion { SSL2 = 1, SSL3 = 2, TLS = 4 }; static const cipher_s cipherlist[] = { /* SSL2 cipher suites */ {"rc4", SSL_EN_RC4_128_WITH_MD5, SSL2}, + {"rc4-md5", SSL_EN_RC4_128_WITH_MD5, SSL2}, {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL2}, {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5, SSL2}, {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2},