cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: TLS1.2 from TLS1.0

From: Praveen Pvs <meetpraveenpvs_at_gmail.com>
Date: Wed, 30 Sep 2015 14:35:14 +0530

On Tue, Jul 28, 2015 at 6:36 AM, Aaron Meriwether <me_at_ameriwether.com>
wrote:

> On Jul 27, 2015, at 2:52 PM, Praveen Pvs <meetpraveenpvs_at_gmail.com> wrote:
>
> should we use specific version of TLS library?
>
>
> Yes, you will indeed need a recent enough version to support TLSv1.2.
>
> If you are using a *nix system, you are probably using OpenSSL or LibreSSL
> as your TLS library. If this is the case, the command "openssl version"
> should display the exact version.
>
> In OpenSSL, support for TLSv1.2 was added in version 1.0.1, so any version
> prior to that will not be able to provide TLSv1.2 facilities for curl.
>
> In fact, you should be able to simply upgrade your OpenSSL library without
> any other changes to your curl version or configuration, and curl should
> then be able to connect to your TLSv1.2-only server. Since you say the
> server is already enforcing the TLSv1.2 requirement, all you really need is
> for the SSL/TSL library used by curl to support TLSv1.2 - there is no
> particular requirement to upgrade and configure curl so as to force TLSv1.2
> from its end.
>
> -Aaron
>
>>>When i commented out the following line, then it auto negotiated to TLS
1.2 version. Is the following line setting to use up-to TLS 1.0 only?

/* To set preferred TLS/SSL version */
curl_easy_setopt(loccurlHandle, *CURLOPT_SSLVERSION*,
*CURL_SSLVERSION_TLSv1*);

>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-09-30