--tls-max doesn't always have an effect

[bagder]

(via byte_bucket on IRC)

I did this

curl -v -I --tls-max 1.0 https://example.com

I expected the following

That the connection would only allow TLS 1.0 and no later TLS version. But this negotiates TLS 1.2 just fine.

However, if I also add --tlsv1.0 to the command line, it behaves as expected and gets a TLS 1.0 connection:

curl -v -I --tls-max 1.0 --tlsv1.0 https://example.com

curl/libcurl version

git master (7.60.0-DEV) using the OpenSSL backend (this is most likely very dependent on the specific TLS backend in use)

operating system

All, but I reproduced on Linux.