curl / libcurl / API / curl_easy_setopt / CURLOPT_SSLVERSION

CURLOPT_SSLVERSION explained

NAME

CURLOPT_SSLVERSION - set preferred TLS/SSL version

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version);

DESCRIPTION

Pass a long as parameter to control which version range of SSL/TLS versions to use.

The SSL and TLS versions have typically developed from the most insecure version to be more and more secure in this order through history: SSL v2, SSLv3, TLS v1.0, TSL v1.1, TSL v1.2 and the most recent TLS v1.3.

Use one of the available defines for this purpose. The available options are:

CURL_SSLVERSION_DEFAULT

The default acceptable version range. The mimimum acceptable version is by default TLS 1.0 since 7.39.0 (unless the TLS library has a stricter rule).

CURL_SSLVERSION_TLSv1

TLS v1.0 or later

CURL_SSLVERSION_SSLv2

SSL v2 (but not SSLv3)

CURL_SSLVERSION_SSLv3

SSL v3 (but not SSLv2)

CURL_SSLVERSION_TLSv1_0

TLS v1.0 or later (Added in 7.34.0)

CURL_SSLVERSION_TLSv1_1

TLS v1.1 or later (Added in 7.34.0)

CURL_SSLVERSION_TLSv1_2

TLS v1.2 or later (Added in 7.34.0)

CURL_SSLVERSION_TLSv1_3

TLS v1.3 or later (Added in 7.52.0)

The maximum TLS version can be set by using one of the CURL_SSLVERSION_MAX_ macros below. It is also possible to OR one of the CURL_SSLVERSION_ macros with one of the CURL_SSLVERSION_MAX_ macros. The MAX macros are not supported for SSL backends axTLS or wolfSSL.

CURL_SSLVERSION_MAX_DEFAULT

The flag defines the maximum supported TLS version by libcurl, or the default value from the SSL library is used. libcurl will use a sensible default maximum, which was TLS 1.2 up to before 7.61.0 and is TLS 1.3 since then - assuming the TLS library support it. (Added in 7.54.0)

CURL_SSLVERSION_MAX_TLSv1_0

The flag defines maximum supported TLS version as TLS v1.0. (Added in 7.54.0)

CURL_SSLVERSION_MAX_TLSv1_1

The flag defines maximum supported TLS version as TLS v1.1. (Added in 7.54.0)

CURL_SSLVERSION_MAX_TLSv1_2

The flag defines maximum supported TLS version as TLS v1.2. (Added in 7.54.0)

CURL_SSLVERSION_MAX_TLSv1_3

The flag defines maximum supported TLS version as TLS v1.3. (Added in 7.54.0)

DEFAULT

CURL_SSLVERSION_DEFAULT

PROTOCOLS

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

EXAMPLE

CURL *curl = curl_easy_init();
if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
 
  /* ask libcurl to use TLS version 1.0 or later */
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
 
  /* Perform the request */
  curl_easy_perform(curl);
}

AVAILABILITY

SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may vary depending on which backend libcurl has been built to use.

SSLv3 is disabled by default since 7.39.0.

RETURN VALUE

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

CURLOPT_USE_SSL, CURLOPT_HTTP_VERSION, CURLOPT_IPRESOLVE

This HTML page was made with roffit.