CURLOPT_SSLVERSION(3) curl_easy_setopt options CURLOPT_SSLVERSION(3)
NAME
CURLOPT_SSLVERSION - preferred TLS/SSL version
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version);
DESCRIPTION
Pass a long as parameter to control which version range of SSL/TLS ver-
sions to use.
The SSL and TLS versions have typically developed from the most inse-
cure version to be more and more secure in this order through history:
SSL v2, SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS
v1.3.
Use one of the available defines for this purpose. The available op-
tions are:
CURL_SSLVERSION_DEFAULT
The default acceptable version range. The minimum accept-
able version is by default TLS v1.0 since 7.39.0 (unless
the TLS library has a stricter rule).
CURL_SSLVERSION_TLSv1
TLS v1.0 or later
CURL_SSLVERSION_SSLv2
SSL v2 - refused
CURL_SSLVERSION_SSLv3
SSL v3 - refused
CURL_SSLVERSION_TLSv1_0
TLS v1.0 or later (Added in 7.34.0)
CURL_SSLVERSION_TLSv1_1
TLS v1.1 or later (Added in 7.34.0)
CURL_SSLVERSION_TLSv1_2
TLS v1.2 or later (Added in 7.34.0)
CURL_SSLVERSION_TLSv1_3
TLS v1.3 or later (Added in 7.52.0)
The maximum TLS version can be set by using one of the CURL_SSLVER-
SION_MAX_ macros below. It is also possible to OR one of the CURL_SS-
LVERSION_ macros with one of the CURL_SSLVERSION_MAX_ macros. The MAX
macros are not supported for WolfSSL.
CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version by
libcurl, or the default value from the SSL library is
used. libcurl will use a sensible default maximum, which
was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since
then - assuming the TLS library support it. (Added in
7.54.0)
CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLS
v1.0. (Added in 7.54.0)
CURL_SSLVERSION_MAX_TLSv1_1
The flag defines maximum supported TLS version as TLS
v1.1. (Added in 7.54.0)
CURL_SSLVERSION_MAX_TLSv1_2
The flag defines maximum supported TLS version as TLS
v1.2. (Added in 7.54.0)
CURL_SSLVERSION_MAX_TLSv1_3
The flag defines maximum supported TLS version as TLS
v1.3. (Added in 7.54.0)
In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were
documented to allow only the specified TLS version, but behavior was
inconsistent depending on the TLS library.
DEFAULT
CURL_SSLVERSION_DEFAULT
PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
EXAMPLE
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.0 or later */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
/* Perform the request */
curl_easy_perform(curl);
}
AVAILABILITY
SSLv2 and SSLv3 are refused completely since curl 7.77.0
SSLv2 is disabled by default since 7.18.1. Other SSL versions avail-
ability may vary depending on which backend libcurl has been built to
use.
SSLv3 is disabled by default since 7.39.0.
RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION
if not.
SEE ALSO
CURLOPT_USE_SSL(3), CURLOPT_HTTP_VERSION(3), CURLOPT_PROXY_SSLVER-
SION(3), CURLOPT_IPRESOLVE(3)
libcurl 7.81.0 November 26, 2021 CURLOPT_SSLVERSION(3)
Generated by dwww version 1.14 on Thu Jan 23 06:13:38 CET 2025.