1CURLOPT_SSLVERSION(3)      curl_easy_setopt options      CURLOPT_SSLVERSION(3)
2
3
4

NAME

6       CURLOPT_SSLVERSION - preferred TLS/SSL version
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version);
12

DESCRIPTION

14       Pass a long as parameter to control which version range of SSL/TLS ver‐
15       sions to use.
16
17       The SSL and TLS versions have typically developed from the  most  inse‐
18       cure  version to be more and more secure in this order through history:
19       SSL v2, SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and  the  most  recent  TLS
20       v1.3.
21
22       Use  one  of  the available defines for this purpose. The available op‐
23       tions are:
24
25              CURL_SSLVERSION_DEFAULT
26                     The default acceptable version range. The minimum accept‐
27                     able  version is by default TLS v1.0 since 7.39.0 (unless
28                     the TLS library has a stricter rule).
29
30              CURL_SSLVERSION_TLSv1
31                     TLS v1.0 or later
32
33              CURL_SSLVERSION_SSLv2
34                     SSL v2 - refused
35
36              CURL_SSLVERSION_SSLv3
37                     SSL v3 - refused
38
39              CURL_SSLVERSION_TLSv1_0
40                     TLS v1.0 or later (Added in 7.34.0)
41
42              CURL_SSLVERSION_TLSv1_1
43                     TLS v1.1 or later (Added in 7.34.0)
44
45              CURL_SSLVERSION_TLSv1_2
46                     TLS v1.2 or later (Added in 7.34.0)
47
48              CURL_SSLVERSION_TLSv1_3
49                     TLS v1.3 or later (Added in 7.52.0)
50
51       The maximum TLS version can be set by using  one  of  the  CURL_SSLVER‐
52       SION_MAX_  macros  below. It is also possible to OR one of the CURL_SS‐
53       LVERSION_ macros with one of the CURL_SSLVERSION_MAX_ macros.  The  MAX
54       macros are not supported for WolfSSL.
55
56              CURL_SSLVERSION_MAX_DEFAULT
57                     The  flag  defines  the  maximum supported TLS version by
58                     libcurl, or the default value from  the  SSL  library  is
59                     used.  libcurl will use a sensible default maximum, which
60                     was TLS v1.2 up to before 7.61.0 and is  TLS  v1.3  since
61                     then  -  assuming  the  TLS library support it. (Added in
62                     7.54.0)
63
64              CURL_SSLVERSION_MAX_TLSv1_0
65                     The flag defines maximum supported  TLS  version  as  TLS
66                     v1.0.  (Added in 7.54.0)
67
68              CURL_SSLVERSION_MAX_TLSv1_1
69                     The  flag  defines  maximum  supported TLS version as TLS
70                     v1.1.  (Added in 7.54.0)
71
72              CURL_SSLVERSION_MAX_TLSv1_2
73                     The flag defines maximum supported  TLS  version  as  TLS
74                     v1.2.  (Added in 7.54.0)
75
76              CURL_SSLVERSION_MAX_TLSv1_3
77                     The  flag  defines  maximum  supported TLS version as TLS
78                     v1.3.  (Added in 7.54.0)
79
80       In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options  were
81       documented  to  allow  only the specified TLS version, but behavior was
82       inconsistent depending on the TLS library.
83
84

DEFAULT

86       CURL_SSLVERSION_DEFAULT
87

PROTOCOLS

89       All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
90

EXAMPLE

92       CURL *curl = curl_easy_init();
93       if(curl) {
94         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
95
96         /* ask libcurl to use TLS version 1.0 or later */
97         curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
98
99         /* Perform the request */
100         curl_easy_perform(curl);
101       }
102

AVAILABILITY

104       SSLv2 and SSLv3 are refused completely since curl 7.77.0
105
106       SSLv2 is disabled by default since 7.18.1. Other  SSL  versions  avail‐
107       ability  may  vary depending on which backend libcurl has been built to
108       use.
109
110       SSLv3 is disabled by default since 7.39.0.
111

RETURN VALUE

113       Returns CURLE_OK if the option is supported,  and  CURLE_UNKNOWN_OPTION
114       if not.
115

SEE ALSO

117       CURLOPT_USE_SSL(3),    CURLOPT_HTTP_VERSION(3),   CURLOPT_PROXY_SSLVER‐
118       SION(3), CURLOPT_IPRESOLVE(3)
119
120
121
122libcurl 7.85.0                   May 17, 2022            CURLOPT_SSLVERSION(3)
Impressum