
curl-library

Re: Using CURLOPT_SSLVERSION?

From: Bernhard Jaeger <B.Jaeger1_at_gmx.net>
Date: Fri, 29 Jun 2018 11:35:46 +0200
Hi,
 
I think this would be trouble for me as I am trying to compare TLS 1.2 and TLS 1.3.
If I can only set the minimum version then I won't be able to guarantee the usage of TLS 1.2.
Would it be possible to have both options minimum and exact version?
 
-- Bernhard Jaeger
Sent: Thursday, 28 June 2018 at 23:32
From: "Daniel Stenberg" <daniel@haxx.se>
To: "libcurl hacking" <curl-library@cool.haxx.se>
Subject: Using CURLOPT_SSLVERSION?
Hi,

The OpenSSL backend treats the TLS version specified with CURLOPT_SSLVERSION
as the exact version you want to negotiate, not the minimum version. I believe
this is not what people expect (and the documentation wasn't really crystal
clear either on this). It also makes it impossible to ask for, for example 1.1
and 1.2 but not 1.3 with our current options.

I want to change this to make the option explicitly set the lowest acceptable
TLS version: https://github.com/curl/curl/pull/2694

If you think this causes you trouble, now would be a great time to let me
know! =)

(PS, in a separate PR I'm updating the default to allow TLS 1.3 connections
without any special option: https://github.com/curl/curl/pull/2693 )

--

/ daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html

Received on 2018-06-29
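
The difference between the "exact" and "minimum" readings discussed in this thread, as an added example that is not code from libcurl or from either poster. It is a simplified model of version selection; every name in it (`tls_ver`, `policy`, `client_range`, `negotiate`) is hypothetical, and the server configurations are constructed.

```c
#include <stdio.h>

/* Constructed model, not libcurl code: TLS versions as small integers. */
enum tls_ver { TLS_NONE = 0, TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3 };

/* The two ways a single requested version can be interpreted. */
enum policy { POLICY_EXACT, POLICY_MINIMUM };

struct range { enum tls_ver min, max; };

/* Turn one requested version into the range the client will offer. */
static struct range client_range(enum policy p, enum tls_ver requested)
{
  struct range r = { requested, p == POLICY_EXACT ? requested : TLS_1_3 };
  return r;
}

/* Highest version inside the client's range that the server also enables.
   server_mask has bit (1 << version) set for each enabled version.
   Returns TLS_NONE when the ranges do not overlap (handshake fails). */
static enum tls_ver negotiate(struct range c, unsigned server_mask)
{
  for(int v = (int)c.max; v >= (int)c.min && v > TLS_NONE; v--)
    if(server_mask & (1u << v))
      return (enum tls_ver)v;
  return TLS_NONE;
}

int main(void)
{
  /* Constructed server that enables TLS 1.2 and TLS 1.3. */
  unsigned modern = (1u << TLS_1_2) | (1u << TLS_1_3);
  /* Explicit lower and upper bound: "1.1 and 1.2 but not 1.3". */
  struct range bounded = { TLS_1_1, TLS_1_2 };

  printf("exact 1.2   -> %d\n",
         negotiate(client_range(POLICY_EXACT, TLS_1_2), modern));
  printf("minimum 1.2 -> %d\n",
         negotiate(client_range(POLICY_MINIMUM, TLS_1_2), modern));
  printf("1.1..1.2    -> %d\n", negotiate(bounded, modern));
  return 0;
}
```

In libcurl itself an upper bound is expressed by OR-ing one of the `CURL_SSLVERSION_MAX_*` values into the `CURLOPT_SSLVERSION` argument.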