cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Reg : How to support both TLS and SSL

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 23 Sep 2009 19:56:17 +0200 (CEST)

On Wed, 23 Sep 2009, Deepesh Damodaran wrote:

> As I referred the URL http://curl.haxx.se/libcurl/c/curl_easy_setopt.html,
> it mentions CURLUSESSL_ALL option as "Require SSL for all communication or
> fail with CURLE_USE_SSL_FAILED.

In that context, SSL really means SSL or TLS. To curl (and many others) the
differences between SSL and TLS are insignificant.

> But CURLFTPAUTH_SSL says - "Try "AUTH SSL" first, and only if that fails try
> "AUTH TLS".

Right, but even there the differences are insignificant. It's just a matter of
what command curl sends first and which it sends as a backup, as it will
negotiate SSL and/or TLS the same way no matter which of those two commands
that it uses!

> During our testing we found "AUTH TLS" fails. So I am wondering if the 1st
> and 2nd options are conflicting forcing the application only to use SSL and
> fail if it is TLS.

The "AUTH TLS" vs "AUTH SSL" is just a matter of what command the server is
made to serve. Earlier implementations preferred SSL I believe, while latter
servers and the RFC say TLS.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2009-09-23