cURL / Mailing Lists / curl-library / Single Mail


Re: Cannot negotiate TLS/1.1 or 1.2 with nss.

From: James Cloos <>
Date: Tue, 19 Nov 2013 10:13:39 -0500

[Wierd. The copy in my archives has the full body; I do not know why
there is no body on the mailing list. Here it is again. -JimC]

Attempts to post this at
failed silently, so I'm writing here.

Testing shows that when linked to nss, even a modern version of nss
which can do TLS/1.1 and TLS/1.2, curl is unable to negotiate anything
more recent that TLS/1.0.

1.1 and 1.2 work fine with openssl and gnutls, and with other nss-using

I'm not sure whether ad34a2d5c87 impacted this.

I tested with nss-3.15.3.

Note that this is not about trying to limit which tls version curl uses,
but rather about negotiating the latest version the server supports and
about negotiating with servers which only support 1.1 and/or 1.2.

Feel free to use to test first of those two
cases, but I currently lack a public TLS/1.2-only test-case to offer.


James Cloos <>         OpenPGP: 1024D/ED7DAEA6
List admin:
Received on 2013-11-19