cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURL 7.46 version: support TLS1.2 only for outbound connections

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 5 Jul 2016 00:55:49 -0400

On 7/4/2016 11:41 PM, Gaurav Rastogi -X (garastog - ARICENT TECHNOLOGIES
MAURIITIUS LIMITED at Cisco) wrote:
> Would this option be used to initiate Client Connections using TLS1.2 only using curl and incase server does not support TLS1.2 then TLS connection would be rejected?

Please don't top post [1] it makes the conversation harder to follow.

If you use CURL_SSLVERSION_TLSv1_2 *and* you are using libcurl >= 7.34.0
*and* libcurl was built with an SSL library that supports TLSv1.2
connections then libcurl will tell it to only allow TLSv1.2. It is up to
your SSL library to actually do that, and I'm not aware of any case
where it doesn't if all the requirements are met. See how we do it with
OpenSSL for example [2], or search the repo for CURL_SSLVERSION_TLSv1_2
and find the code used for your SSL library to confirm.

[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]:
https://github.com/curl/curl/blob/curl-7_49_1/lib/vtls/openssl.c#L1849-L1854

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-07-05