1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerTitle: CURLOPT_SSLVERSION 5*6236dae4SAndroid Build Coastguard WorkerSection: 3 6*6236dae4SAndroid Build Coastguard WorkerSource: libcurl 7*6236dae4SAndroid Build Coastguard WorkerSee-also: 8*6236dae4SAndroid Build Coastguard Worker - CURLOPT_HTTP_VERSION (3) 9*6236dae4SAndroid Build Coastguard Worker - CURLOPT_IPRESOLVE (3) 10*6236dae4SAndroid Build Coastguard Worker - CURLOPT_PROXY_SSLVERSION (3) 11*6236dae4SAndroid Build Coastguard Worker - CURLOPT_USE_SSL (3) 12*6236dae4SAndroid Build Coastguard WorkerProtocol: 13*6236dae4SAndroid Build Coastguard Worker - TLS 14*6236dae4SAndroid Build Coastguard WorkerTLS-backend: 15*6236dae4SAndroid Build Coastguard Worker - All 16*6236dae4SAndroid Build Coastguard WorkerAdded-in: 7.1 17*6236dae4SAndroid Build Coastguard Worker--- 18*6236dae4SAndroid Build Coastguard Worker 19*6236dae4SAndroid Build Coastguard Worker# NAME 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerCURLOPT_SSLVERSION - preferred TLS/SSL version 22*6236dae4SAndroid Build Coastguard Worker 23*6236dae4SAndroid Build Coastguard Worker# SYNOPSIS 24*6236dae4SAndroid Build Coastguard Worker 25*6236dae4SAndroid Build Coastguard Worker~~~c 26*6236dae4SAndroid Build Coastguard Worker#include <curl/curl.h> 27*6236dae4SAndroid Build Coastguard Worker 28*6236dae4SAndroid Build Coastguard WorkerCURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version); 29*6236dae4SAndroid Build Coastguard Worker~~~ 30*6236dae4SAndroid Build Coastguard Worker 31*6236dae4SAndroid Build Coastguard Worker# DESCRIPTION 32*6236dae4SAndroid Build Coastguard Worker 33*6236dae4SAndroid Build Coastguard WorkerPass a long as parameter to control which version range of SSL/TLS versions to 34*6236dae4SAndroid Build Coastguard Workeruse. 35*6236dae4SAndroid Build Coastguard Worker 36*6236dae4SAndroid Build Coastguard WorkerThe SSL and TLS versions have typically developed from the most insecure 37*6236dae4SAndroid Build Coastguard Workerversion to be more and more secure in this order through history: SSL v2, 38*6236dae4SAndroid Build Coastguard WorkerSSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS v1.3. 39*6236dae4SAndroid Build Coastguard Worker 40*6236dae4SAndroid Build Coastguard WorkerUse one of the available defines for this purpose. The available options are: 41*6236dae4SAndroid Build Coastguard Worker 42*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_DEFAULT 43*6236dae4SAndroid Build Coastguard Worker 44*6236dae4SAndroid Build Coastguard WorkerThe default acceptable version range. The minimum acceptable version is by 45*6236dae4SAndroid Build Coastguard Workerdefault TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule). 46*6236dae4SAndroid Build Coastguard Worker 47*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_TLSv1 48*6236dae4SAndroid Build Coastguard Worker 49*6236dae4SAndroid Build Coastguard WorkerTLS v1.0 or later 50*6236dae4SAndroid Build Coastguard Worker 51*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_SSLv2 52*6236dae4SAndroid Build Coastguard Worker 53*6236dae4SAndroid Build Coastguard WorkerSSL v2 - refused 54*6236dae4SAndroid Build Coastguard Worker 55*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_SSLv3 56*6236dae4SAndroid Build Coastguard Worker 57*6236dae4SAndroid Build Coastguard WorkerSSL v3 - refused 58*6236dae4SAndroid Build Coastguard Worker 59*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_TLSv1_0 60*6236dae4SAndroid Build Coastguard Worker 61*6236dae4SAndroid Build Coastguard WorkerTLS v1.0 or later (Added in 7.34.0) 62*6236dae4SAndroid Build Coastguard Worker 63*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_TLSv1_1 64*6236dae4SAndroid Build Coastguard Worker 65*6236dae4SAndroid Build Coastguard WorkerTLS v1.1 or later (Added in 7.34.0) 66*6236dae4SAndroid Build Coastguard Worker 67*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_TLSv1_2 68*6236dae4SAndroid Build Coastguard Worker 69*6236dae4SAndroid Build Coastguard WorkerTLS v1.2 or later (Added in 7.34.0) 70*6236dae4SAndroid Build Coastguard Worker 71*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_TLSv1_3 72*6236dae4SAndroid Build Coastguard Worker 73*6236dae4SAndroid Build Coastguard WorkerTLS v1.3 or later (Added in 7.52.0) 74*6236dae4SAndroid Build Coastguard Worker 75*6236dae4SAndroid Build Coastguard Worker## 76*6236dae4SAndroid Build Coastguard Worker 77*6236dae4SAndroid Build Coastguard WorkerThe maximum TLS version can be set by using *one* of the 78*6236dae4SAndroid Build Coastguard WorkerCURL_SSLVERSION_MAX_ macros below. It is also possible to OR *one* of the 79*6236dae4SAndroid Build Coastguard WorkerCURL_SSLVERSION_ macros with *one* of the CURL_SSLVERSION_MAX_ macros. 80*6236dae4SAndroid Build Coastguard Worker 81*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_MAX_DEFAULT 82*6236dae4SAndroid Build Coastguard Worker 83*6236dae4SAndroid Build Coastguard WorkerThe flag defines the maximum supported TLS version by libcurl, or the default 84*6236dae4SAndroid Build Coastguard Workervalue from the SSL library is used. libcurl uses a sensible default maximum, 85*6236dae4SAndroid Build Coastguard Workerwhich was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since then - assuming 86*6236dae4SAndroid Build Coastguard Workerthe TLS library support it. (Added in 7.54.0) 87*6236dae4SAndroid Build Coastguard Worker 88*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_MAX_TLSv1_0 89*6236dae4SAndroid Build Coastguard Worker 90*6236dae4SAndroid Build Coastguard WorkerThe flag defines maximum supported TLS version as TLS v1.0. 91*6236dae4SAndroid Build Coastguard Worker(Added in 7.54.0) 92*6236dae4SAndroid Build Coastguard Worker 93*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_MAX_TLSv1_1 94*6236dae4SAndroid Build Coastguard Worker 95*6236dae4SAndroid Build Coastguard WorkerThe flag defines maximum supported TLS version as TLS v1.1. 96*6236dae4SAndroid Build Coastguard Worker(Added in 7.54.0) 97*6236dae4SAndroid Build Coastguard Worker 98*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_MAX_TLSv1_2 99*6236dae4SAndroid Build Coastguard Worker 100*6236dae4SAndroid Build Coastguard WorkerThe flag defines maximum supported TLS version as TLS v1.2. 101*6236dae4SAndroid Build Coastguard Worker(Added in 7.54.0) 102*6236dae4SAndroid Build Coastguard Worker 103*6236dae4SAndroid Build Coastguard Worker## CURL_SSLVERSION_MAX_TLSv1_3 104*6236dae4SAndroid Build Coastguard Worker 105*6236dae4SAndroid Build Coastguard WorkerThe flag defines maximum supported TLS version as TLS v1.3. 106*6236dae4SAndroid Build Coastguard Worker(Added in 7.54.0) 107*6236dae4SAndroid Build Coastguard Worker 108*6236dae4SAndroid Build Coastguard Worker## 109*6236dae4SAndroid Build Coastguard Worker 110*6236dae4SAndroid Build Coastguard WorkerIn versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were 111*6236dae4SAndroid Build Coastguard Workerdocumented to allow *only* the specified TLS version, but behavior was 112*6236dae4SAndroid Build Coastguard Workerinconsistent depending on the TLS library. 113*6236dae4SAndroid Build Coastguard Worker 114*6236dae4SAndroid Build Coastguard Worker# DEFAULT 115*6236dae4SAndroid Build Coastguard Worker 116*6236dae4SAndroid Build Coastguard WorkerCURL_SSLVERSION_DEFAULT 117*6236dae4SAndroid Build Coastguard Worker 118*6236dae4SAndroid Build Coastguard Worker# %PROTOCOLS% 119*6236dae4SAndroid Build Coastguard Worker 120*6236dae4SAndroid Build Coastguard Worker# EXAMPLE 121*6236dae4SAndroid Build Coastguard Worker 122*6236dae4SAndroid Build Coastguard Worker~~~c 123*6236dae4SAndroid Build Coastguard Workerint main(void) 124*6236dae4SAndroid Build Coastguard Worker{ 125*6236dae4SAndroid Build Coastguard Worker CURL *curl = curl_easy_init(); 126*6236dae4SAndroid Build Coastguard Worker if(curl) { 127*6236dae4SAndroid Build Coastguard Worker curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); 128*6236dae4SAndroid Build Coastguard Worker 129*6236dae4SAndroid Build Coastguard Worker /* ask libcurl to use TLS version 1.0 or later */ 130*6236dae4SAndroid Build Coastguard Worker curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1); 131*6236dae4SAndroid Build Coastguard Worker 132*6236dae4SAndroid Build Coastguard Worker /* Perform the request */ 133*6236dae4SAndroid Build Coastguard Worker curl_easy_perform(curl); 134*6236dae4SAndroid Build Coastguard Worker } 135*6236dae4SAndroid Build Coastguard Worker} 136*6236dae4SAndroid Build Coastguard Worker~~~ 137*6236dae4SAndroid Build Coastguard Worker 138*6236dae4SAndroid Build Coastguard Worker# HISTORY 139*6236dae4SAndroid Build Coastguard Worker 140*6236dae4SAndroid Build Coastguard WorkerSSLv2 is disabled by default since 7.18.1. Other SSL versions availability may 141*6236dae4SAndroid Build Coastguard Workervary depending on which backend libcurl has been built to use. 142*6236dae4SAndroid Build Coastguard Worker 143*6236dae4SAndroid Build Coastguard WorkerSSLv3 is disabled by default since 7.39.0. 144*6236dae4SAndroid Build Coastguard Worker 145*6236dae4SAndroid Build Coastguard WorkerSSLv2 and SSLv3 are refused completely since curl 7.77.0 146*6236dae4SAndroid Build Coastguard Worker 147*6236dae4SAndroid Build Coastguard WorkerSince 8.10.0 wolfSSL is fully supported. Before 8.10.0 the MAX macros were not 148*6236dae4SAndroid Build Coastguard Workersupported with wolfSSL and the other macros did not set a minimum, but 149*6236dae4SAndroid Build Coastguard Workerrestricted the TLS version to only the specified one. 150*6236dae4SAndroid Build Coastguard Worker 151*6236dae4SAndroid Build Coastguard WorkerRustls support added in 8.10.0. 152*6236dae4SAndroid Build Coastguard Worker 153*6236dae4SAndroid Build Coastguard Worker# %AVAILABILITY% 154*6236dae4SAndroid Build Coastguard Worker 155*6236dae4SAndroid Build Coastguard Worker# RETURN VALUE 156*6236dae4SAndroid Build Coastguard Worker 157*6236dae4SAndroid Build Coastguard WorkerReturns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. 158