.\" generated by cd2nroff 0.1 from CURLOPT_SSLVERSION.md .TH CURLOPT_SSLVERSION 3 "2024-07-29" libcurl .SH NAME CURLOPT_SSLVERSION \- preferred TLS/SSL version .SH SYNOPSIS .nf #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version); .fi .SH DESCRIPTION Pass a long as parameter to control which version range of SSL/TLS versions to use. The SSL and TLS versions have typically developed from the most insecure version to be more and more secure in this order through history: SSL v2, SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS v1.3. Use one of the available defines for this purpose. The available options are: .IP CURL_SSLVERSION_DEFAULT The default acceptable version range. The minimum acceptable version is by default TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule). .IP CURL_SSLVERSION_TLSv1 TLS v1.0 or later .IP CURL_SSLVERSION_SSLv2 SSL v2 \- refused .IP CURL_SSLVERSION_SSLv3 SSL v3 \- refused .IP CURL_SSLVERSION_TLSv1_0 TLS v1.0 or later (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_1 TLS v1.1 or later (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_2 TLS v1.2 or later (Added in 7.34.0) .IP CURL_SSLVERSION_TLSv1_3 TLS v1.3 or later (Added in 7.52.0) .PP The maximum TLS version can be set by using \fIone\fP of the CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros. The MAX macros are not supported for wolfSSL. .IP CURL_SSLVERSION_MAX_DEFAULT The flag defines the maximum supported TLS version by libcurl, or the default value from the SSL library is used. libcurl uses a sensible default maximum, which was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since then \- assuming the TLS library support it. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_0 The flag defines maximum supported TLS version as TLS v1.0. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_1 The flag defines maximum supported TLS version as TLS v1.1. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_2 The flag defines maximum supported TLS version as TLS v1.2. (Added in 7.54.0) .IP CURL_SSLVERSION_MAX_TLSv1_3 The flag defines maximum supported TLS version as TLS v1.3. (Added in 7.54.0) .PP In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were documented to allow \fIonly\fP the specified TLS version, but behavior was inconsistent depending on the TLS library. .SH DEFAULT CURL_SSLVERSION_DEFAULT .SH PROTOCOLS This functionality affects all TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. All TLS backends support this option. .SH EXAMPLE .nf int main(void) { CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); /* ask libcurl to use TLS version 1.0 or later */ curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1); /* Perform the request */ curl_easy_perform(curl); } } .fi .SH HISTORY SSLv2 and SSLv3 are refused completely since curl 7.77.0 SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may vary depending on which backend libcurl has been built to use. SSLv3 is disabled by default since 7.39.0. .SH AVAILABILITY Added in curl 7.1 .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH SEE ALSO .BR CURLOPT_HTTP_VERSION (3), .BR CURLOPT_IPRESOLVE (3), .BR CURLOPT_PROXY_SSLVERSION (3), .BR CURLOPT_USE_SSL (3)