Skip to content

Commit

Permalink
curl.1: Document weaknesses in SSLv2 and SSLv3
Browse files Browse the repository at this point in the history 
Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why it's
insecure.
  • Loading branch information
@dkg @bagder
dkg authored and bagder committed Aug 15, 2015
1 parent bedf0a5 commit 31673ff
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions docs/curl.1
View file
Expand Up @@ -171,10 +171,11 @@ a level of control).
.IP "-2, --sslv2"
(SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
considered insecure.
considered insecure (see RFC 6176).
.IP "-3, --sslv3"
(SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
server. Sometimes curl is built without SSLv3 support.
server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
considered insecure (see RFC 7568).
.IP "-4, --ipv4"
This option tells curl to resolve names to IPv4 addresses only, and not for
example try IPv6.
Expand Down

0 comments on commit 31673ff

Please sign in to comment.