curl-library
Re: How to force usage TLS instead of SSL
Date: Thu, 13 Nov 2014 15:41:15 +0530
Hi All,
Please let me know if any one has any input regarding How to set the option
to use TLS instead of SSL3.
Will libcurl uses SSL by default?
While looking data for this online, i have got this info:
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USE_SSL, long level);
CURLUSESSL_NONE
Don't attempt to use SSL.
CURLUSESSL_TRY
Try using SSL, proceed as normal otherwise.
CURLUSESSL_CONTROL
Require SSL for the control connection or fail with CURLE_USE_SSL_FAILED
<http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLEUSESSLFAILED>.
CURLUSESSL_ALL
Require SSL for all communication or fail with CURLE_USE_SSL_FAILED
<http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLEUSESSLFAILED>.
I dont see any option which says use TLS. Suppose if i set CURLOPT_USE_SSL
option to CURLUSESSL_NONE, will it use TLS?
Any inputs will be great help to me.
Thank you.
Regards
Praveen
On Thu, Nov 13, 2014 at 10:16 AM, Praveen Pvs <meetpraveenpvs_at_gmail.com>
wrote:
> Hi All,
>
> Currently i have a client application which sends some data to the server
> using CURL library.
>
> Due to SSL3 POODLE vulnerability (
> http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability),
> i was asked to use TLS instead of SSL.
>
> I was wondering how to set these options, could any one help me with which
> options i need to set to use TLS instead of SSL.
>
> Currently I have following options set in my application:
>
> ---------------------------------------------------------------------------------------------------------------------
> /* Set the URL */
> curl_easy_setopt(locHandle, CURLOPT_URL, szTmpURL);
>
> /* Set the connection timeout */
> curl_easy_setopt(locHandle, CURLOPT_CONNECTTIMEOUT, hostDef.conTimeOut);
>
> /* Set the response timeout */
> curl_easy_setopt(locHandle, CURLOPT_TIMEOUT,
> hostDef.conTimeOut + hostDef.respTimeOut);
>
> curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1L);
>
> /* Set the HTTP post option */
> curl_easy_setopt(handle, CURLOPT_POST, 1L);
>
> /* Add the headers */
> curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
>
> /* Add the debug function */
> curl_easy_setopt(handle, CURLOPT_DEBUGFUNCTION, curlDbgFunc);
>
> curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L);
> curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L);
>
> /* Set the CA certificate */
> curl_easy_setopt(handle, CURLOPT_CAINFO, CA_CERT_FILE);
>
> /* Set the write function */
> curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, saveResponse);
>
> /* Set the detection as TRUE for HTTP errors */
> curl_easy_setopt(handle, CURLOPT_FAILONERROR, PAAS_TRUE);
>
> ---------------------------------------------------------------------------------------------------------------------
>
> Please let me know if any more information is required. Thank you for your
> time and help.
>
> Regards
> Praveen
>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-13