From 60350417e9fce752d2e6ea249d54934ae710f7cf Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Fri, 3 Aug 2007 19:15:14 +0000
Subject: [PATCH] Fix default cipher list, go back to SSLv3 only.
---
 xmltooling/soap/impl/CURLSOAPTransport.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp
index a1acf81..116d196 100644
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -293,10 +293,8 @@ CURL* CURLPool::get(const char* to, const char* endpoint)
 curl_easy_setopt(handle,CURLOPT_NOPROGRESS,1);
 curl_easy_setopt(handle,CURLOPT_NOSIGNAL,1);
 curl_easy_setopt(handle,CURLOPT_FAILONERROR,1);
- // I can't disable v2 without disallowing SSLv3 or TLS,
- // so I'll rely on the cipher list to disable v2.
- //curl_easy_setopt(handle,CURLOPT_SSLVERSION,3);
- curl_easy_setopt(handle,CURLOPT_SSL_CIPHER_LIST,"HIGH:MEDIUM:!SSLv2");
+ curl_easy_setopt(handle,CURLOPT_SSLVERSION,CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt(handle,CURLOPT_SSL_CIPHER_LIST,"ALL:!aNULL:!LOW:!EXPORT:!SSLv2");
 // Verification of the peer is via TrustEngine only.
 curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0);
 curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook);
-- 
2.1.4
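Review bot: The added `CURLOPT_SSLVERSION` line pins every pooled handle to SSLv3, which rules out TLS negotiation entirely and keeps the transport on a protocol whose CBC padding is not integrity-protected (the weakness behind POODLE); a TLS floor such as `curl_easy_setopt(handle,CURLOPT_SSLVERSION,CURL_SSLVERSION_TLSv1);` also excludes SSLv2, which is the problem the removed comment was working around. The new cipher string starts from `ALL` and subtracts, so MEDIUM-strength suites such as RC4 stay enabled, and `!SSLv2` there only removes SSLv2 cipher suites rather than the protocol; an allow-list like `"HIGH:!aNULL"` would be tighter. Neither `curl_easy_setopt` result is checked, so a value the linked libcurl rejects would presumably leave its defaults in place without any log entry. The commit also deletes the only comment explaining the protocol choice, so a one-line comment stating why the version is pinned belongs above the new line. `CURLPool::get` begins and ends outside the hunk.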