curl-library

Re: About CURLOPT_SSLVERSION

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Sat, 5 Apr 2014 19:47:23 -0500

On Apr 5, 2014, at 10:21 AM, Woods <woods.biz_at_gmail.com> wrote:

> I understand CURLOPT_SSLVERSION has default value CURL_SSLVERSION_DEFAULT -
> This will attempt to figure out the remote SSL protocol version, i.e. either SSLv3 or TLSv1.
>
> However, I do encounter an HTTPS connection, that gives me CURLE_SSL_CONNECT_ERROR for easy perform, and I need to set CURL_SSLVERSION_SSLv3 to make it work properly.
>
> What I wish to find out is whether curl can do this protocol adaptation automatically as specified by CURL_SSLVERSION_DEFAULT. Or do I miss something in the code? Thanks.

CURLOPT_SSLVERSION_DEFAULT tells the TLS library to use its highest supported TLS version at the maximum and SSLv3 at the minimum. If it's not downgrading to SSLv3, then either one of these two things (or both) is true:

1. The server you are accessing is buggy and will not graciously downgrade from TLS 1.0/1.1/1.2 to SSLv3.
2. The back-end you are using isn't properly configuring SSLv3 when CURLOPT_SSLVERSION_DEFAULT is in use (assuming the back-end is not axTLS, which does not support SSLv3).

What back-end are you using? I haven't experienced this problem with either OpenSSL or Secure Transport. Are you able to connect to this site using some other client, e.g. Firefox?

Nick Zitzmann
<http://www.chronosnet.com/>

Received on 2014-04-06