curl-library
Re: forcing TLS FTP
Date: Sat, 2 Apr 2005 22:52:52 +0200 (CEST)
On Sat, 2 Apr 2005, Ivan Makale wrote:
> I'm trying SSL-TLS FTP with the curl library. Now I need to understand
> better if I can force TLS (for now only server authentication).
It depends slightly on what you mean with "force TLS" ?
> From the documentation, I understand that
>
> curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);
>
> makes curl try first TLS and, if it fails, SSL in a second trial.
... as parameter to the AUTH function sent to the FTP server, yes. It does not
control the actual secure layer version (SSL or TLS) or anything.
> If I add the option
>
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, 1);
>
> does it force TLS, disabling the SSL second trial? If not, are there any
> other ways to do it?
I recommend using CURL_SSLVERSION_TLSv1 instead of '1'.
But yes, that'll make OpenSSL assume and use TLSv1 when negotiating the secure
transport.
The "SSL second trial" is FTP-protocol oriented while CURLOPT_SSLVERSION is
SSL-protocol oriented, so CURLOPT_SSLVERSION does not disable "AUTH SSL" if
"AUTH TLS" fails.
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2005-04-02