You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I got the same result building from source revision 7645324 .
Since TLS 1.0 is the minimum version supported by this libcurl, if I instead write CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2, libcurl will use TLS <= 1.2 .
When libcurl 7.74 was made available to debian buster through a backport, TLS 1.3 was also enabled (with gnutls) (because of #5223 ). Some sites don't seem to work with buster's gnutls version (3.6.7) with TLS 1.3, so I want to disable it (see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987188 ).
With openssl, CURL_SSLVERSION_MAX_TLSv1_2 does restrict TLS <= 1.2 .
Linux dc 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered:
Previously, settting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it to default
(TLS 1.3) too!
As a bonus, this change also removes the dead code handling of SSLv3
since that version can't be set anymore (since eff614f).
Reported-by: Daniel Carpenter