curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: handshake version shown as TLS1.0 even TLS1.2 set as minimum supported version in libcurl

From: Rich Gray via curl-users <>
Date: Wed, 7 Oct 2020 19:01:12 -0400

nallasivan k via curl-users wrote:
> Hi,

> curl_easy_setopt(m_pSession, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
> usign the above API , I set TLS1.2 as minimum supported TLS version, but
> still i could see the Handshake version shown in tLS1.0 .
> Kindly help me to resolve this issue.
> Thanks
> Nallasivan.k

I don't think there is an issue if is to believed.
  Drill down into the Client Hello and you'll see that TLS 1.0 is used as a
Record Header format specifier which hasn't changed for later TLS versions.
The real 1.2 indicator follows in Client Version.

It notes that the source (of what?) has the following comment:

// Some TLS servers fail if the record version is
// greater than TLS 1.0 for the initial ClientHello.

- Rich

Received on 2020-10-08