The most flexible way in OpenSSL to choose exactly what versions should be accepted is to always use SSLv23_client_method, but set the exact versions in the context options.
There are currently 5 flags that can be set in the options:
SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2

---
** [bugs:#1280] Can't use curl with TLSv1.2 (OpenSSL)**
**Status:** open-confirmed
**Created:** Tue Sep 17, 2013 10:15 AM UTC by NGG
**Last Updated:** Tue Sep 17, 2013 09:32 PM UTC
**Owner:** Daniel Stenberg
I'd like to use TLSv1.2 with curl, but currently there is no option for that.
If I choose CURL_SSLVERSION_DEFAULT, then it can use TLSv1.2 but it also enables SSLv3, and our client would be vulnerable to version rollback attacks.
If I choose CURL_SSLVERSION_TLSv1, then it can only use TLSv1 but not TLSv1.2.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.