It (the OpenSSL backend) is in fact trying only 1.1 when that option is given, and only 1.2 when that option is given... So in that regard the code works like the documentation implies.
The question is then probably if it really should work like that...
Yeah, but what I (mostly) mean is that the documentation, at least the way I read it, contradicts itself. That is, that the --tls-max text says one thing about minimum, and the --tlsv* another thing.
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Fixes #2691
The curl(1) man page has the following to say about the --tls-max option.
The way I read that section it implies that (for example) the option --tlsv1.1 will try to use TLS version 1.1 or higher.
On the other hand, the curl(1) man page has the following to say about the --tlsv1.1 specifically.
The way I read that section the option --tlsv1.1 will try to use TLS version 1.1, only. That is also the behavior I get when trying out the --tlsv1.1.
At least to me the "A minimum is defined by arguments tlsv1.0 or tlsv1.1 or tlsv1.2." phrase is misleading, and should perhaps be removed?
I did this
...which suggests that --tlsv1.1 only tried to establish a TLS version 1.1 connection.
curl/libcurl version
operating system
Ubuntu 18.04
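
The two readings of --tlsv1.1 discussed in the report and in the commit message ("exact" versus "minimum") can be compared with a small model. This is an added example, not code from curl or OpenSSL: the function names, the simplified "newest common version" negotiation rule, and the server profiles are assumptions made for illustration.

```python
# Added illustration: a simplified model, not curl or OpenSSL code.
VERSIONS = ["1.0", "1.1", "1.2", "1.3"]  # ordered oldest to newest


def client_range(tlsv, tls_max=None, semantics="minimum"):
    """Return the list of TLS versions the client is willing to use.

    tlsv      -- version named by a --tlsv1.x style option, e.g. "1.1"
    tls_max   -- version named by --tls-max, or None for no explicit cap
    semantics -- "exact": only tlsv is tried (the behaviour the report observed)
                 "minimum": tlsv is a floor (the reading the man page suggests)
    """
    lo = VERSIONS.index(tlsv)
    if semantics == "exact":
        hi = lo  # modelling assumption: tls_max has no effect in this mode
    elif semantics == "minimum":
        hi = VERSIONS.index(tls_max) if tls_max else len(VERSIONS) - 1
    else:
        raise ValueError("unknown semantics: %r" % semantics)
    if hi < lo:
        raise ValueError("--tls-max is below the requested minimum")
    return VERSIONS[lo:hi + 1]


def negotiate(offered, server_supported):
    """Pick the newest version both sides accept, or None if the handshake fails."""
    common = [v for v in offered if v in server_supported]
    return common[-1] if common else None


def compare(tlsv, tls_max, server_supported):
    """Negotiated version under each reading of the option, as a dict."""
    return {
        sem: negotiate(client_range(tlsv, tls_max, sem), server_supported)
        for sem in ("exact", "minimum")
    }


if __name__ == "__main__":
    # Constructed server profiles, not taken from the issue.
    for name, server in [("legacy", {"1.0", "1.1"}),
                         ("typical", {"1.1", "1.2"}),
                         ("modern", {"1.2", "1.3"})]:
        print(name, compare("1.1", "1.2", server))
```

Against the constructed "modern" profile the exact reading fails the handshake outright, while the minimum reading with a cap of 1.2 settles on 1.2.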