curl-library

CURLOPT_SSLVERSION option to force TLS minor version?

From: Frank Meier <frank.meier_at_ergon.ch>
Date: Wed, 28 Mar 2012 11:20:23 +0200

Hi

We recently changed OpenSSL to version 1.0.1, which supports TLS 1.2. Now
by default the SSL connections made by curl are using this TLS version
(if the server supports it, of course). Unfortunately there seem to be
some servers in the wild which hang indefinitely during the SSL
handshake. I can reproduce this using openssl s_client.

My resolution was to disable TLS 1.2 in the CURLOPT_SSL_CTX_FUNCTION with
the SSL_CTX option SSL_OP_NO_TLSv1_2.

Now I thought: since there is the easy handle option CURLOPT_SSLVERSION,
which cannot set the TLS minor version, could this be extended to have a
config option like CURL_SSLVERSION_TLSv10, v11, v12 to force an
explicit TLS minor version?

cheers, Frank

Received on 2012-03-28