From 6fa10c8fa2319e0271465a796f258a239b54c35a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 10 Jan 2018 03:14:15 -0500 Subject: setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values Broken since f121575 (precedes 7.56.1). Bug: https://github.com/curl/curl/issues/2225 Reported-by: cmfrolick@users.noreply.github.com Closes https://github.com/curl/curl/pull/2227 --- docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 | 12 ++++++++---- docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 14 +++++++++----- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'docs/libcurl') diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 index 6b9ff7dee..73c2c9766 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 @@ -46,10 +46,15 @@ TLSv1.1 TLSv1.2 .IP CURL_SSLVERSION_TLSv1_3 TLSv1.3 +.RE +The maximum TLS version can be set by using \fIone\fP of the +CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the +CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros. +The MAX macros are not supported for SSL backends axTLS or wolfSSL. +.RS .IP CURL_SSLVERSION_MAX_DEFAULT The flag defines the maximum supported TLS version as TLSv1.2, or the default -value from the SSL library. Only the NSS library currently allows one to get -the maximum supported TLS version. +value from the SSL library. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_0 The flag defines maximum supported TLS version as TLSv1.0. @@ -75,8 +80,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); /* ask libcurl to use TLS version 1.0 or later */ - curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | - CURL_SSLVERSION_MAX_DEFAULT); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); /* Perform the request */ curl_easy_perform(curl); diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 index 5c447d8f3..807057be5 100644 --- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 @@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0) TLSv1.2 (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_3 TLSv1.3 (Added in 7.52.0) +.RE +The maximum TLS version can be set by using \fIone\fP of the +CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the +CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros. +The MAX macros are not supported for SSL backends axTLS or wolfSSL. +.RS .IP CURL_SSLVERSION_MAX_DEFAULT The flag defines the maximum supported TLS version as TLSv1.2, or the default -value from the SSL library. Only the NSS library currently allows one to get -the maximum supported TLS version. +value from the SSL library. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_0 The flag defines maximum supported TLS version as TLSv1.0. @@ -78,9 +83,8 @@ CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - /* ask libcurl to use TLS version 1.1 or later */ - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | - CURL_SSLVERSION_MAX_DEFAULT); + /* ask libcurl to use TLS version 1.0 or later */ + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); /* Perform the request */ curl_easy_perform(curl); -- cgit v1.2.3