Description
The curl(1) man page has the following to say about the --tls-max option.
(SSL) VERSION defines maximum supported TLS version. A minimum is defined by arguments tlsv1.0 or tlsv1.1 or tlsv1.2.
The way I read that section it implies that (for example) the option --tlsv1.1 will try to use TLS version 1.1 or higher.
On the other hand, the curl(1) man page has the following to say about the --tlsv1.1 option specifically.
(TLS) Forces curl to use TLS version 1.1 when connecting to a remote TLS server.
The way I read that section, the option --tlsv1.1 will try to use TLS version 1.1, only. That is also the behavior I get when trying out --tlsv1.1.
At least to me the "A minimum is defined by arguments tlsv1.0 or tlsv1.1 or tlsv1.2." phrase is misleading, and should perhaps be removed?
I did this
$ curl -o /dev/null --silent --show-error --tlsv1.1 https://github.com
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
...which suggests that --tlsv1.1 only tried to establish a TLS version 1.1 connection.
curl/libcurl version
curl 7.61.0-DEV (x86_64-pc-linux-gnu) libcurl/7.61.0-DEV OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
operating system
Ubuntu 18.04