diff options
author | Jozef Kralik <jozef.kralik@eset.sk> | 2016-12-13 21:10:00 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2017-03-08 15:54:07 +0100 |
commit | 6448f98c1857de521fb2dd3f9d4e5659845b5474 (patch) | |
tree | 183b4febdb062f32be9113ae170e3b57f44a4b28 /docs/libcurl/opts | |
parent | b66690733642d764199eeb1b64aaaa2513c13db3 (diff) |
vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.
Closes https://github.com/curl/curl/pull/1166
Diffstat (limited to 'docs/libcurl/opts')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 | 20 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 22 |
2 files changed, 39 insertions, 3 deletions
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 index f96a9e6c5..85ecdc41f 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 @@ -46,6 +46,23 @@ TLSv1.1 TLSv1.2 .IP CURL_SSLVERSION_TLSv1_3 TLSv1.3 +.IP CURL_SSLVERSION_MAX_DEFAULT +The flag defines maximum supported TLS version as TLSv1.2 or default +value from SSL library. Only library NSS currently allows to get +maximum supported TLS version. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_0 +The flag defines maximum supported TLS version as TLSv1.0. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_1 +The flag defines maximum supported TLS version as TLSv1.1. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_2 +The flag defines maximum supported TLS version as TLSv1.2. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_3 +The flag defines maximum supported TLS version as TLSv1.3. +(Added in 7.54.0) .RE .SH DEFAULT CURL_SSLVERSION_DEFAULT @@ -58,7 +75,8 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); /* ask libcurl to use TLS version 1.0 or later */ - curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | + CURL_SSLVERSION_MAX_DEFAULT); /* Perform the request */ curl_easy_perform(curl); diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 index 77dfcd49d..d07ae8dde 100644 --- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 @@ -50,6 +50,23 @@ TLSv1.1 (Added in 7.34.0) TLSv1.2 (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_3 TLSv1.3 (Added in 7.52.0) +.IP CURL_SSLVERSION_MAX_DEFAULT +The flag defines maximum supported TLS version as TLSv1.2 or default +value from SSL library. Only library NSS currently allows to get +maximum supported TLS version. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_0 +The flag defines maximum supported TLS version as TLSv1.0. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_1 +The flag defines maximum supported TLS version as TLSv1.1. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_2 +The flag defines maximum supported TLS version as TLSv1.2. +(Added in 7.54.0) +.IP CURL_SSLVERSION_MAX_TLSv1_3 +The flag defines maximum supported TLS version as TLSv1.3. +(Added in 7.54.0) .RE .SH DEFAULT CURL_SSLVERSION_DEFAULT @@ -61,8 +78,9 @@ CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - /* ask libcurl to use TLS version 1.0 or later */ - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + /* ask libcurl to use TLS version 1.1 or later */ + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1.1 | + CURL_SSLVERSION_MAX_DEFAULT); /* Perform the request */ curl_easy_perform(curl); |