|
 |
8952ae |
--- lib/IO/Socket/SSL.pm
|
|
|
8952ae |
+++ lib/IO/Socket/SSL.pm
|
|
|
1a2827 |
@@ -164,7 +164,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
|
|
|
8952ae |
# global defaults
|
|
|
8952ae |
my %DEFAULT_SSL_ARGS = (
|
|
|
8952ae |
SSL_check_crl => 0,
|
|
|
8952ae |
- SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken
|
|
|
8952ae |
+ SSL_version => '',
|
|
|
8952ae |
SSL_verify_callback => undef,
|
|
|
8952ae |
SSL_verifycn_scheme => undef, # fallback cn verification
|
|
|
8952ae |
SSL_verifycn_publicsuffix => undef, # fallback default list verification
|
|
|
1a2827 |
@@ -2335,7 +2335,7 @@ sub new {
|
|
|
8952ae |
|
|
|
8952ae |
my $ssl_op = $DEFAULT_SSL_OP;
|
|
|
8952ae |
|
|
|
8952ae |
- my $ver;
|
|
|
8952ae |
+ my $ver = '';
|
|
|
8952ae |
for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
|
|
|
8952ae |
m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
|
|
|
8952ae |
or croak("invalid SSL_version specified");
|
|
|
8952ae |
--- lib/IO/Socket/SSL.pod
|
|
|
8952ae |
+++ lib/IO/Socket/SSL.pod
|
|
|
1a2827 |
@@ -1028,11 +1028,12 @@ All values are case-insensitive. Instea
|
|
|
1a2827 |
'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
|
|
|
1a2827 |
'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
|
|
|
1a2827 |
and openssl.
|
|
|
8952ae |
+The default SSL_version is defined by the underlying cryptographic library.
|
|
|
8952ae |
|
|
|
8952ae |
Independent from the handshake format you can limit to set of accepted SSL
|
|
|
8952ae |
versions by adding !version separated by ':'.
|
|
|
8952ae |
|
|
|
8952ae |
-The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
|
|
|
8952ae |
+For example, 'SSLv23:!SSLv3:!SSLv2' means that the
|
|
|
8952ae |
handshake format is compatible to SSL2.0 and higher, but that the successful
|
|
|
8952ae |
handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
|
|
|
8952ae |
both of these versions have serious security issues and should not be used
|