cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: How to force usage TLS instead of SSL

From: Praveen Pvs <meetpraveenpvs_at_gmail.com>
Date: Thu, 13 Nov 2014 15:41:15 +0530

Hi All,

Please let me know if any one has any input regarding How to set the option
to use TLS instead of SSL3.

Will libcurl uses SSL by default?

While looking data for this online, i have got this info:

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USE_SSL, long level);

CURLUSESSL_NONE

Don't attempt to use SSL.

CURLUSESSL_TRY

Try using SSL, proceed as normal otherwise.

CURLUSESSL_CONTROL

Require SSL for the control connection or fail with CURLE_USE_SSL_FAILED
<http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLEUSESSLFAILED>.

CURLUSESSL_ALL

Require SSL for all communication or fail with CURLE_USE_SSL_FAILED
<http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLEUSESSLFAILED>.
I dont see any option which says use TLS. Suppose if i set CURLOPT_USE_SSL
option to CURLUSESSL_NONE, will it use TLS?

Any inputs will be great help to me.

Thank you.

Regards
Praveen

On Thu, Nov 13, 2014 at 10:16 AM, Praveen Pvs <meetpraveenpvs_at_gmail.com>
wrote:

> Hi All,
>
> Currently i have a client application which sends some data to the server
> using CURL library.
>
> Due to SSL3 POODLE vulnerability (
> http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability),
> i was asked to use TLS instead of SSL.
>
> I was wondering how to set these options, could any one help me with which
> options i need to set to use TLS instead of SSL.
>
> Currently I have following options set in my application:
>
> ---------------------------------------------------------------------------------------------------------------------
> /* Set the URL */
> curl_easy_setopt(locHandle, CURLOPT_URL, szTmpURL);
>
> /* Set the connection timeout */
> curl_easy_setopt(locHandle, CURLOPT_CONNECTTIMEOUT, hostDef.conTimeOut);
>
> /* Set the response timeout */
> curl_easy_setopt(locHandle, CURLOPT_TIMEOUT,
> hostDef.conTimeOut + hostDef.respTimeOut);
>
> curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1L);
>
> /* Set the HTTP post option */
> curl_easy_setopt(handle, CURLOPT_POST, 1L);
>
> /* Add the headers */
> curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
>
> /* Add the debug function */
> curl_easy_setopt(handle, CURLOPT_DEBUGFUNCTION, curlDbgFunc);
>
> curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L);
> curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L);
>
> /* Set the CA certificate */
> curl_easy_setopt(handle, CURLOPT_CAINFO, CA_CERT_FILE);
>
> /* Set the write function */
> curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, saveResponse);
>
> /* Set the detection as TRUE for HTTP errors */
> curl_easy_setopt(handle, CURLOPT_FAILONERROR, PAAS_TRUE);
>
> ---------------------------------------------------------------------------------------------------------------------
>
> Please let me know if any more information is required. Thank you for your
> time and help.
>
> Regards
> Praveen
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-13

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: How to force usage TLS instead of SSL"
Previous message: Daniel Stenberg: "RE: curl_multi_fdset always returns -1 for maxfd"
In reply to: Praveen Pvs: "How to force usage TLS instead of SSL"
Next in thread: Daniel Stenberg: "Re: How to force usage TLS instead of SSL"
Reply: Daniel Stenberg: "Re: How to force usage TLS instead of SSL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]