Skip to content

url: make default TLS version be minimum 1.2#17894

Closed
bagder wants to merge 1 commit intomasterfrom
bagder/tls-1.2-default
Closed

url: make default TLS version be minimum 1.2#17894
bagder wants to merge 1 commit intomasterfrom
bagder/tls-1.2-default

Conversation

@bagder
Copy link
Copy Markdown
Member

@bagder bagder commented Jul 11, 2025
edited
Loading

This still allows users to explictily ask for 1.0 or 1.1 as the minimum version. If the TLS library allows it.

Starting with this change, the CURL_SSLVERSION_DEFAULT value is no longer used as minimum version when the TLS backend are called.

This PR also makes curl set the minimum version to 1.2 independently of libcurl for the rare case where a newer curl tool would use an older libcurl.

URL: https://curl.se/mail/lib-2025-07/0007.html

@bagder bagder added TLS feature-window A merge of this requires an open feature window labels Jul 11, 2025
@bagder
Copy link
Copy Markdown
Member Author

bagder commented Jul 11, 2025

Maybe CURL_SSLVERSION_TLSv1 should also be remapped?

@testclutch

This comment was marked as outdated.

Sign in to view
yaleman
yaleman reviewed Jul 14, 2025
View reviewed changes
Comment thread src/tool_paramhlp.c Outdated
@bagder bagder marked this pull request as ready for review July 15, 2025 11:40
bagder added a commit that referenced this pull request Jul 15, 2025
@bagder
test3207: allow more allocations
d16f773 
This limit was triggered in a PR that did not change any sizes, showing
the previous limit for this was a little tight.

Ref: #17894
@bagder bagder mentioned this pull request Jul 15, 2025
Closed
bagder added a commit that referenced this pull request Jul 15, 2025
@bagder
test3207: allow more allocations
e507f93 
This limit was triggered in a PR that did not change any sizes, showing
the previous limit for this was a little tight.

Ref: #17894
Closes #17932
@bagder
url: make default TLS version be minimum 1.2
2d26611 
This still allows users to explictily ask for 1.0 or 1.1 as the minimum
version. If the TLS library allows it.

Starting with this change, the CURL_SSLVERSION_DEFAULT value is no
longer used as minimum version when the TLS backend are called.

This also makes curl set the minimum version to 1.2 independently of
libcurl for the rare case where a newer curl tool would use an older
libcurl.

URL: https://curl.se/mail/lib-2025-07/0007.html
Assisted-by: Stefan Eissing
@bagder bagder force-pushed the bagder/tls-1.2-default branch from 2be3df1 to 2d26611 Compare July 27, 2025 16:00
@bagder bagder closed this in 9d8998c Jul 27, 2025
@bagder bagder deleted the bagder/tls-1.2-default branch July 27, 2025 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@yaleman yaleman yaleman left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cmdline tool feature-window A merge of this requires an open feature window tests TLS

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bagder @testclutch @yaleman