From 51693d8e36f490c6cf0691397aa6d8e310360588 Mon Sep 17 00:00:00 2001
From: cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Date: Thu, 2 Aug 2007 17:17:50 +0000
Subject: [PATCH] Default to 128-bit ciphers and try disabling SSLv2 via cipher
 list.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@366 de75baf8-a10c-0410-a50a-987c0e22f00f
---
 xmltooling/soap/impl/CURLSOAPTransport.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp
index 423a3ba..319b16f 100644
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -293,7 +293,10 @@ CURL* CURLPool::get(const char* to, const char* endpoint)
     curl_easy_setopt(handle,CURLOPT_NOPROGRESS,1);
     curl_easy_setopt(handle,CURLOPT_NOSIGNAL,1);
     curl_easy_setopt(handle,CURLOPT_FAILONERROR,1);
-    curl_easy_setopt(handle,CURLOPT_SSLVERSION,3);
+    // I can't disable v2 without disallowing SSLv3 or TLS,
+    // so I'll rely on the cipher list to disable v2.
+    //curl_easy_setopt(handle,CURLOPT_SSLVERSION,3);
+    curl_easy_setopt(handle,CURLOPT_SSL_CIPHER_LIST,"HIGH:MEDIUM:!SSLv2");
     // Verification of the peer is via TrustEngine only.
     curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0);
     curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook);
-- 
2.1.4