On Sat, 2 Apr 2005, Ivan Makale wrote:

> I'm trying SSL-TLS FTP with the curl library. Now I need to understand
> better if I can force TLS (for now only server authentication).

It depends slightly on what you mean with "force TLS" ?

> From the documentation, I understand that
>
> curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);
>
> makes curl try first TLS and, if it fails, SSL in a second trial.

... as parameter to the AUTH function sent to the FTP server, yes. It does not
control the actual secure layer version (SSL or TLS) or anything.

> If I add the option
>
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, 1);
>
> does it force TLS, disabling the SSL second trial? If not, are there any
> other ways to do it?

I recommend using CURL_SSLVERSION_TLSv1 instead of '1'.

But yes, that'll make OpenSSL assume and use TLSv1 when negotiating the secure
transport.

The "SSL second trial" is FTP-protocol oriented while CURLOPT_SSLVERSION is
SSL-protocol oriented, so CURLOPT_SSLVERSION does not disable "AUTH SSL" if
"AUTH TLS" fails.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html