curl: May use weak encryption algorithms
Background
Static Analysis revealed the following uses of curl_easy_init
not followed by any CURLOPT_SSLVERSION
setting:
Source/CTest/cmCTestSubmitHandler.cxx
Source/cmFileCommand.cxx
Utilities/cmcurl/curltest.c
Utilities/cmcurl/lib/conncache.c
Possible Solution
Add curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
to explicitly set the SSL TLS version.
It may be desirable to give the user the option to use deprecated encryption algorithms by wrapping this in an option that defaults to ON
.
Edited by Brad King