1CURLOPT_SSLVERSION(3) curl_easy_setopt options CURLOPT_SSLVERSION(3)
2
3
4
6 CURLOPT_SSLVERSION - preferred TLS/SSL version
7
9 #include <curl/curl.h>
10
11 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version);
12
14 Pass a long as parameter to control which version range of SSL/TLS ver‐
15 sions to use.
16
17 The SSL and TLS versions have typically developed from the most inse‐
18 cure version to be more and more secure in this order through history:
19 SSL v2, SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS
20 v1.3.
21
22 Use one of the available defines for this purpose. The available op‐
23 tions are:
24
25 CURL_SSLVERSION_DEFAULT
26 The default acceptable version range. The minimum accept‐
27 able version is by default TLS v1.0 since 7.39.0 (unless
28 the TLS library has a stricter rule).
29
30 CURL_SSLVERSION_TLSv1
31 TLS v1.0 or later
32
33 CURL_SSLVERSION_SSLv2
34 SSL v2 - refused
35
36 CURL_SSLVERSION_SSLv3
37 SSL v3 - refused
38
39 CURL_SSLVERSION_TLSv1_0
40 TLS v1.0 or later (Added in 7.34.0)
41
42 CURL_SSLVERSION_TLSv1_1
43 TLS v1.1 or later (Added in 7.34.0)
44
45 CURL_SSLVERSION_TLSv1_2
46 TLS v1.2 or later (Added in 7.34.0)
47
48 CURL_SSLVERSION_TLSv1_3
49 TLS v1.3 or later (Added in 7.52.0)
50
51 The maximum TLS version can be set by using one of the CURL_SSLVER‐
52 SION_MAX_ macros below. It is also possible to OR one of the CURL_SS‐
53 LVERSION_ macros with one of the CURL_SSLVERSION_MAX_ macros. The MAX
54 macros are not supported for WolfSSL.
55
56 CURL_SSLVERSION_MAX_DEFAULT
57 The flag defines the maximum supported TLS version by
58 libcurl, or the default value from the SSL library is
59 used. libcurl will use a sensible default maximum, which
60 was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since
61 then - assuming the TLS library support it. (Added in
62 7.54.0)
63
64 CURL_SSLVERSION_MAX_TLSv1_0
65 The flag defines maximum supported TLS version as TLS
66 v1.0. (Added in 7.54.0)
67
68 CURL_SSLVERSION_MAX_TLSv1_1
69 The flag defines maximum supported TLS version as TLS
70 v1.1. (Added in 7.54.0)
71
72 CURL_SSLVERSION_MAX_TLSv1_2
73 The flag defines maximum supported TLS version as TLS
74 v1.2. (Added in 7.54.0)
75
76 CURL_SSLVERSION_MAX_TLSv1_3
77 The flag defines maximum supported TLS version as TLS
78 v1.3. (Added in 7.54.0)
79
80 In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were
81 documented to allow only the specified TLS version, but behavior was
82 inconsistent depending on the TLS library.
83
84
86 CURL_SSLVERSION_DEFAULT
87
89 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
90
92 CURL *curl = curl_easy_init();
93 if(curl) {
94 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
95
96 /* ask libcurl to use TLS version 1.0 or later */
97 curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
98
99 /* Perform the request */
100 curl_easy_perform(curl);
101 }
102
104 SSLv2 and SSLv3 are refused completely since curl 7.77.0
105
106 SSLv2 is disabled by default since 7.18.1. Other SSL versions avail‐
107 ability may vary depending on which backend libcurl has been built to
108 use.
109
110 SSLv3 is disabled by default since 7.39.0.
111
113 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION
114 if not.
115
117 CURLOPT_USE_SSL(3), CURLOPT_HTTP_VERSION(3), CURLOPT_PROXY_SSLVER‐
118 SION(3), CURLOPT_IPRESOLVE(3)
119
120
121
122libcurl 7.85.0 May 17, 2022 CURLOPT_SSLVERSION(3)