Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Time to deprecate TLS 1.0 and 1.1 ?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 10 Jul 2025 23:23:52 +0200 (CEST)
Right,
For all reasons, see RFC 8996 => https://datatracker.ietf.org/doc/html/rfc8996
Who would get upset?
Proposed approach:
1. We change the default (CURL_SSLVERSION_DEFAULT) and v1
(CURL_SSLVERSION_TLSv1) to mean >= 1.2 in 8.16.0 (September
2025 release)
2. We give everyone six more months to adapt, protest or similar and then in
March 2026 we make libcurl return error if asked to use anything lower than
1.2
3. In march 2026 (around 8.20.0) we ship without support for TLS < 1.2
Any problems with this?
Date: Thu, 10 Jul 2025 23:23:52 +0200 (CEST)
Right,
For all reasons, see RFC 8996 => https://datatracker.ietf.org/doc/html/rfc8996
Who would get upset?
Proposed approach:
1. We change the default (CURL_SSLVERSION_DEFAULT) and v1
(CURL_SSLVERSION_TLSv1) to mean >= 1.2 in 8.16.0 (September
2025 release)
2. We give everyone six more months to adapt, protest or similar and then in
March 2026 we make libcurl return error if asked to use anything lower than
1.2
3. In march 2026 (around 8.20.0) we ship without support for TLS < 1.2
Any problems with this?
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-07-10