cURL / Mailing Lists / curl-library / Single Mail


Re: forcing TLS FTP

From: Daniel Stenberg <>
Date: Sat, 2 Apr 2005 22:52:52 +0200 (CEST)

On Sat, 2 Apr 2005, Ivan Makale wrote:

> I'm trying SSL-TLS FTP with the curl library. Now I need to understand
> better if I can force TLS (for now only server authentication).

It depends slightly on what you mean with "force TLS" ?

> From the documentation, I understand that
> curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);
> makes curl try first TLS and, if it fails, SSL in a second trial.

... as parameter to the AUTH function sent to the FTP server, yes. It does not
control the actual secure layer version (SSL or TLS) or anything.

> If I add the option
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, 1);
> does it force TLS, disabling the SSL second trial? If not, are there any
> other ways to do it?

I recommend using CURL_SSLVERSION_TLSv1 instead of '1'.

But yes, that'll make OpenSSL assume and use TLSv1 when negotiating the secure

The "SSL second trial" is FTP-protocol oriented while CURLOPT_SSLVERSION is
SSL-protocol oriented, so CURLOPT_SSLVERSION does not disable "AUTH SSL" if
"AUTH TLS" fails.

  Commercial curl and libcurl Technical Support:
Received on 2005-04-02