Previously, setting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it to default
(TLS 1.3) too!
As a bonus, this change also removes the dead code handling of SSLv3
since that version can't be set anymore (since eff614f).
Reported-by: Daniel Carpenter
Fixes #6998
I did this
I'm using libcurl in a C application. I want to use a TLS version <= 1.2, so I specify CURL_SSLVERSION_MAX_TLSv1_2. Here's a minimal example:
I expected the following
When I ran the program, I expected to see SSL connection using TLS1.2, but instead I see SSL connection using TLS1.3.
curl/libcurl version
[curl -V output]
curl 7.74.0 (x86_64-pc-linux-gnu) libcurl/7.74.0 OpenSSL/1.1.1d zlib/1.2.11 brotli/1.0.7 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2020-12-09
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
I got the same result building from source revision 7645324.
workaround
Since TLS 1.0 is the minimum version supported by this libcurl, if I instead write CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2, libcurl will use TLS <= 1.2.
background
When libcurl 7.74 was made available to debian buster through a backport, TLS 1.3 was also enabled (with gnutls) (because of #5223). Some sites don't seem to work with buster's gnutls version (3.6.7) with TLS 1.3, so I want to disable it (see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987188).
With openssl, CURL_SSLVERSION_MAX_TLSv1_2 does restrict TLS <= 1.2.
operating system
debian buster
Linux dc 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
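The CURLOPT_SSLVERSION value discussed in this report carries the minimum version in its low 16 bits and the maximum in its high 16 bits. The block below is an added example, not code from the reporter or the curl project: it detects a value that sets only a maximum and applies the workaround described above. The enum copies values from curl/curl.h so the block builds without libcurl; the helper names (tls_min_field, tls_max_field, is_max_only, pin_tls_range) are hypothetical.

```c
#include <stdio.h>

/* Values as defined in curl/curl.h; delete this enum when the real header is included. */
enum {
  CURL_SSLVERSION_DEFAULT = 0,
  CURL_SSLVERSION_TLSv1_0 = 4,
  CURL_SSLVERSION_TLSv1_1 = 5,
  CURL_SSLVERSION_TLSv1_2 = 6,
  CURL_SSLVERSION_TLSv1_3 = 7,
  CURL_SSLVERSION_MAX_TLSv1_2 = CURL_SSLVERSION_TLSv1_2 << 16,
  CURL_SSLVERSION_MAX_TLSv1_3 = CURL_SSLVERSION_TLSv1_3 << 16
};

/* Minimum version lives in the low 16 bits, maximum in the high 16 bits. */
static long tls_min_field(long v) { return v & 0xffff; }
static long tls_max_field(long v) { return (v >> 16) & 0xffff; }

/* True when a maximum is requested but the minimum is left at DEFAULT:
   the combination the report and the fix's commit message describe as
   not taking effect. */
static int is_max_only(long v)
{
  return tls_max_field(v) != 0 && tls_min_field(v) == CURL_SSLVERSION_DEFAULT;
}

/* Hypothetical helper: apply the reporter's workaround by filling in an
   explicit minimum (TLS 1.0) whenever only a maximum was given.
   Any other value passes through unchanged. */
static long pin_tls_range(long v)
{
  return is_max_only(v) ? (v | CURL_SSLVERSION_TLSv1_0) : v;
}

int main(void)
{
  long req = CURL_SSLVERSION_MAX_TLSv1_2;   /* constructed sample input */
  long fixed = pin_tls_range(req);
  printf("requested 0x%lx max-only=%d -> pass 0x%lx to CURLOPT_SSLVERSION\n",
         (unsigned long)req, is_max_only(req), (unsigned long)fixed);
  return 0;
}
```

In an application, the result of pin_tls_range() is what gets passed to curl_easy_setopt() for CURLOPT_SSLVERSION.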