curl(1) unclear regarding minimum TLS version #2691
Closed
It (the OpenSSL backend) is in fact trying only 1.1 when that option is given, and only 1.2 when that option is given... So in that regard the code works like the documentation implies. The question is then probably if it really should work like that...
Yeah, but what I (mostly) mean is that the documentation, at least the way I read it, contradicts itself. That is, that the
bagder added a commit that referenced this issue Jun 28, 2018
The code treated the set version as the *exact* version to require in the TLS handshake, which is not what other TLS backends do and probably not what most people expect either.

Reported-by: Andreas Olsson
Fixes #2691
The curl(1) man page has the following to say about the --tls-max option.

The way I read that section it implies that (for example) the option --tlsv1.1 will try to use TLS version 1.1 or higher.

On the other hand, the curl(1) man page has the following to say about the --tlsv1.1 specifically.

The way I read that section the option --tlsv1.1 will try to use TLS version 1.1, only. That is also the behavior I get when trying out the --tlsv1.1.

At least to me the "A minimum is defined by arguments tlsv1.0 or tlsv1.1 or tlsv1.2." phrase is misleading, and should perhaps be removed?

I did this

...which suggests that --tlsv1.1 only tried to establish a TLS version 1.1 connection.

curl/libcurl version
operating system
Ubuntu 18.04
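
One way to check which of the two behaviours discussed in this issue a given curl build has, as an added example that is not part of the original report or of curl's own code. It classifies `curl -v` output against the version passed on the command line; the function names, the `HOST` placeholder and the sample transcripts are constructed for illustration, and the parser assumes the OpenSSL backend's "SSL connection using" verbose line.

```shell
#!/bin/sh
# Real use against a server you control that offers only TLS 1.2 (HOST is a placeholder):
#   curl -sv --tlsv1.1 -o /dev/null https://HOST/ 2>&1 | classify TLSv1.1
# "higher" -> the option acted as a minimum; "none" -> no handshake completed,
# which is what the exact-version behaviour reported in this issue looks like.

# Extract the negotiated protocol from curl -v output read on stdin.
negotiated_tls() {
    sed -n 's/^\* SSL connection using \(TLSv[0-9.]*\) .*/\1/p' | head -n 1
}

# Map a protocol name to an ordinal so versions can be compared.
# OpenSSL reports TLS 1.0 as plain "TLSv1".
tls_rank() {
    case "$1" in
        TLSv1|TLSv1.0) echo 0 ;;
        TLSv1.1)       echo 1 ;;
        TLSv1.2)       echo 2 ;;
        TLSv1.3)       echo 3 ;;
        *)             return 1 ;;
    esac
}

# classify REQUESTED  (transcript on stdin)
# Prints: exact | higher | below | none | unknown
classify() {
    want=$(tls_rank "$1") || { echo "unknown"; return 2; }
    got_name=$(negotiated_tls)
    [ -n "$got_name" ] || { echo "none"; return 0; }
    got=$(tls_rank "$got_name") || { echo "unknown"; return 0; }
    if   [ "$got" -eq "$want" ]; then echo "exact"
    elif [ "$got" -gt "$want" ]; then echo "higher"
    else                              echo "below"   # floor was not honoured
    fi
}

# Constructed transcripts (not captured from the issue).
SAMPLE_FLOOR='* Connected to example.test (192.0.2.10) port 443
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
< HTTP/1.1 200 OK'
SAMPLE_NO_HANDSHAKE='* Connected to example.test (192.0.2.10) port 443
curl: (35) <handshake error text elided>'

printf '%s\n' "$SAMPLE_FLOOR"        | classify TLSv1.1
printf '%s\n' "$SAMPLE_NO_HANDSHAKE" | classify TLSv1.1
```

A "below" result means the connection came up on an older protocol than the one requested, which is the case worth alerting on when the option is used to enforce a policy floor.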