romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:41:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

VULN-DISCLOSURE-POLICY: use of weak algos

Browse source 
Not necessarily security problems.

Closes #17220
This commit is contained in:
Daniel Stenberg 2025-04-29 11:10:19 +02:00
parent 2fa3d528ae
commit 9f57c2ea95
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
3 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/VULN-DISCLOSURE-POLICY.md
View file

@ -337,3 +337,13 @@ A *legacy dependency* is here defined as:
- there are modern versions of equivalent or better functionality offered and
in common use
## weak algorithms required for functionality
curl supports several algorithms that are considered weak, like DES and MD5.
These algorithms are still not curl security vulnerabilities or security
problems as they are only used when the users explicitly ask for their use by
using the protocols or options that require the use of those algorithms.
When servers upgrade to use secure alternatives, curl users should use those
options/protocols.