Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: handshake version shown as TLS1.0 even TLS1.2 set as minimum supported version in libcurl
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Rich Gray via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 7 Oct 2020 19:01:12 -0400
nallasivan k via curl-users wrote:
> Hi,
> curl_easy_setopt(m_pSession, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
>
> usign the above API , I set TLS1.2 as minimum supported TLS version, but
> still i could see the Handshake version shown in tLS1.0 .
>
> Kindly help me to resolve this issue.
>
> Thanks
> Nallasivan.k
>
I don't think there is an issue if https://tls.ulfheim.net/ is to believed.
Drill down into the Client Hello and you'll see that TLS 1.0 is used as a
Record Header format specifier which hasn't changed for later TLS versions.
The real 1.2 indicator follows in Client Version.
It notes that the source (of what?) has the following comment:
// Some TLS servers fail if the record version is
// greater than TLS 1.0 for the initial ClientHello.
- Rich
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-10-08
Date: Wed, 7 Oct 2020 19:01:12 -0400
nallasivan k via curl-users wrote:
> Hi,
> curl_easy_setopt(m_pSession, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
>
> usign the above API , I set TLS1.2 as minimum supported TLS version, but
> still i could see the Handshake version shown in tLS1.0 .
>
> Kindly help me to resolve this issue.
>
> Thanks
> Nallasivan.k
>
I don't think there is an issue if https://tls.ulfheim.net/ is to believed.
Drill down into the Client Hello and you'll see that TLS 1.0 is used as a
Record Header format specifier which hasn't changed for later TLS versions.
The real 1.2 indicator follows in Client Version.
It notes that the source (of what?) has the following comment:
// Some TLS servers fail if the record version is
// greater than TLS 1.0 for the initial ClientHello.
- Rich
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-10-08