curl/docs/cmdline-opts/sslv2.d
Daniel Stenberg cf65d4237e
curl: ignore options asking for SSLv2 or SSLv3
Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.

In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.

Closes #6772
2021-04-19 08:14:05 +02:00

14 lines
324 B
Makefile

Short: 2
Long: sslv2
Tags: Versions
Protocols: SSL
Added:
Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2
Requires: TLS
See-also: http1.1 http2
Help: Use SSLv2
Category: tls
---
This option previously asked curl to use SSLv2, but starting in curl 7.77.0 this
instruction is ignored. SSLv2 is widely considered insecure (see RFC 6176).