curl / Mailing Lists / curl-library / Single Mail

curl-library

Using CURLOPT_SSLVERSION?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 28 Jun 2018 23:32:56 +0200 (CEST)

Hi,

The OpenSSL backend treats the TLS version specified with CURLOPT_SSLVERSION
as the exact version you want to negotiate, not the minimum version. I believe
this is not what people expect (and the documentation wasn't really crystal
clear either on this). It also makes it impossible to ask for, for example 1.1
and 1.2 but not 1.3 with our current options.

I want to change this to make the option explicitly set the lowest acceptable
TLS version: https://github.com/curl/curl/pull/2694

If you think this causes you trouble, now would be a great time to let me
know! =)

(PS, in a separate PR I'm updating the default to allow TLS 1.3 connections
without any special option: https://github.com/curl/curl/pull/2693 )

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2018-06-28

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Using libcurl to send shell commands through SSH?"
Previous message: Daniel Stenberg: "Re: libcurl 7.60: CURLUSESSL_ALL set, but still only ftp connection"
Next in thread: Bernhard Jaeger: "Aw: Using CURLOPT_SSLVERSION?"
Reply: Bernhard Jaeger: "Aw: Using CURLOPT_SSLVERSION?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]