It would be great if the secure connection method could be set. Currently, the following line of code means that the SSL connection isn't very secure as lots of insecure cipher suites are given (checked using howsmyssl.com). It also can't make requests to various websites due to the TLS version being too low.
req->ctx = SSL_CTX_new(TLSv1_1_client_method());
A function should be added that changes which TLS method is used and allows client certificates to be used instead. To enable the latest TLS version, the following method needs to be passed to SSL_CTX_newTLSv1_2_client_method
To add a client CA certificate, the following function should be used instead of SSL_CTX_newSSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
I think it would make sense if the security method was set using req_setopt(req, REQ_SET_SECURITY, void *data), with the data field being one of the following:
"none""TLS 1.1""TLS 1.2""CA CERT"(X509 *x)
malaimoo
commented
6 years ago
It would be great if the secure connection method could be set. Currently, the following line of code means that the SSL connection isn't very secure as lots of insecure cipher suites are given (checked using howsmyssl.com). It also can't make requests to various websites due to the TLS version being too low.
req->ctx = SSL_CTX_new(TLSv1_1_client_method());A function should be added that changes which TLS method is used and allows client certificates to be used instead. To enable the latest TLS version, the following method needs to be passed to
SSL_CTX_newTLSv1_2_client_methodTo add a client CA certificate, the following function should be used instead ofSSL_CTX_newSSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)I think it would make sense if the security method was set using
req_setopt(req, REQ_SET_SECURITY, void *data), with the data field being one of the following:"none""TLS 1.1""TLS 1.2""CA CERT"(X509 *x)