aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl/opts
diff options
context:
space:
mode:
authorJozef Kralik <jozef.kralik@eset.sk>2016-12-13 21:10:00 +0100
committerKamil Dudka <kdudka@redhat.com>2017-03-08 15:54:07 +0100
commit6448f98c1857de521fb2dd3f9d4e5659845b5474 (patch)
tree183b4febdb062f32be9113ae170e3b57f44a4b28 /docs/libcurl/opts
parentb66690733642d764199eeb1b64aaaa2513c13db3 (diff)
vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
Diffstat (limited to 'docs/libcurl/opts')
-rw-r--r--docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.320
-rw-r--r--docs/libcurl/opts/CURLOPT_SSLVERSION.322
2 files changed, 39 insertions, 3 deletions
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
index f96a9e6c5..85ecdc41f 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
@@ -46,6 +46,23 @@ TLSv1.1
TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3
+.IP CURL_SSLVERSION_MAX_DEFAULT
+The flag defines maximum supported TLS version as TLSv1.2 or default
+value from SSL library. Only library NSS currently allows to get
+maximum supported TLS version.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_0
+The flag defines maximum supported TLS version as TLSv1.0.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_1
+The flag defines maximum supported TLS version as TLSv1.1.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_2
+The flag defines maximum supported TLS version as TLSv1.2.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_3
+The flag defines maximum supported TLS version as TLSv1.3.
+(Added in 7.54.0)
.RE
.SH DEFAULT
CURL_SSLVERSION_DEFAULT
@@ -58,7 +75,8 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.0 or later */
- curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1);
+ curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
+ CURL_SSLVERSION_MAX_DEFAULT);
/* Perform the request */
curl_easy_perform(curl);
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
index 77dfcd49d..d07ae8dde 100644
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
@@ -50,6 +50,23 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0)
+.IP CURL_SSLVERSION_MAX_DEFAULT
+The flag defines maximum supported TLS version as TLSv1.2 or default
+value from SSL library. Only library NSS currently allows to get
+maximum supported TLS version.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_0
+The flag defines maximum supported TLS version as TLSv1.0.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_1
+The flag defines maximum supported TLS version as TLSv1.1.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_2
+The flag defines maximum supported TLS version as TLSv1.2.
+(Added in 7.54.0)
+.IP CURL_SSLVERSION_MAX_TLSv1_3
+The flag defines maximum supported TLS version as TLSv1.3.
+(Added in 7.54.0)
.RE
.SH DEFAULT
CURL_SSLVERSION_DEFAULT
@@ -61,8 +78,9 @@ CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
- /* ask libcurl to use TLS version 1.0 or later */
- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+ /* ask libcurl to use TLS version 1.1 or later */
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1.1 |
+ CURL_SSLVERSION_MAX_DEFAULT);
/* Perform the request */
curl_easy_perform(curl);