Re: default cipher suites in curl

[Michael Samuel <mik () miknet net>]

On 7 July 2014 22:05, Marcus Meissner <meissner () suse de> wrote:
> > This will only happen when the server either doesn't support stronger
> > ciphers or when the server requests it's cipher order be honoured and
> > chooses export ciphers first.   An attacker can't trigger this with SSLv3
> > or TLS.
>
> I was more thinking of a man in the middle attack during the connection
> setup.

That only works with SSLv2.   SSLv3 and TLSv1 won't allow this.