curl-users
How to enforce a given TLS version with curl?
Date: Tue, 18 Dec 2018 22:35:42 +0800
Hi,
If I want to use only TLSv1.2 with curl, how to enforce it? (for
testing purpose)
I thought I can use "--tlsv1.2" option based on curl help.
$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1
zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4)
nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
$ curl -h | sed -ne '/--tlsv/p'
-1, --tlsv1 Use TLSv1.0 or greater
--tlsv1.0 Use TLSv1.0
--tlsv1.1 Use TLSv1.1
--tlsv1.2 Use TLSv1.2
--tlsv1.3 Use TLSv1.3
But the "Everything Curl" books says:
https://ec.haxx.se/usingcurl-tls.html
--sslv2 SSL version 2
--sslv3 SSL version 3
--tlsv1 TLS >= version 1.0
--tlsv1.0 TLS >= version 1.0
--tlsv1.1 TLS >= version 1.1
--tlsv1.2 TLS >= version 1.2
--tlsv1.3 TLS >= version 1.3
When I use the option --tlsv1.2 with a server that supports both
TLSv1.2 and TLSv1.3, it is automatically selecting TLSv1.3.
So looks like the everything curl book is correct.
If I want to enforce a particular TLS version, how to do that?
with regards,
Saravanan
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-12-18