1---
2c: Copyright (C) Daniel Stenberg, <daniel.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_SSLVERSION
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_HTTP_VERSION (3)
9  - CURLOPT_IPRESOLVE (3)
10  - CURLOPT_PROXY_SSLVERSION (3)
11  - CURLOPT_USE_SSL (3)
12---
13
14# NAME
15
16CURLOPT_SSLVERSION - preferred TLS/SSL version
17
18# SYNOPSIS
19
20~~~c
21#include <curl/curl.h>
22
23CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version);
24~~~
25
26# DESCRIPTION
27
28Pass a long as parameter to control which version range of SSL/TLS versions to
29use.
30
31The SSL and TLS versions have typically developed from the most insecure
32version to be more and more secure in this order through history: SSL v2,
33SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS v1.3.
34
35Use one of the available defines for this purpose. The available options are:
36
37## CURL_SSLVERSION_DEFAULT
38
39The default acceptable version range. The minimum acceptable version is by
40default TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule).
41
42## CURL_SSLVERSION_TLSv1
43
44TLS v1.0 or later
45
46## CURL_SSLVERSION_SSLv2
47
48SSL v2 - refused
49
50## CURL_SSLVERSION_SSLv3
51
52SSL v3 - refused
53
54## CURL_SSLVERSION_TLSv1_0
55
56TLS v1.0 or later (Added in 7.34.0)
57
58## CURL_SSLVERSION_TLSv1_1
59
60TLS v1.1 or later (Added in 7.34.0)
61
62## CURL_SSLVERSION_TLSv1_2
63
64TLS v1.2 or later (Added in 7.34.0)
65
66## CURL_SSLVERSION_TLSv1_3
67
68TLS v1.3 or later (Added in 7.52.0)
69
70The maximum TLS version can be set by using *one* of the
71CURL_SSLVERSION_MAX_ macros below. It is also possible to OR *one* of the
72CURL_SSLVERSION_ macros with *one* of the CURL_SSLVERSION_MAX_ macros.
73The MAX macros are not supported for WolfSSL.
74
75## CURL_SSLVERSION_MAX_DEFAULT
76
77The flag defines the maximum supported TLS version by libcurl, or the default
78value from the SSL library is used. libcurl uses a sensible default maximum,
79which was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since then - assuming
80the TLS library support it. (Added in 7.54.0)
81
82## CURL_SSLVERSION_MAX_TLSv1_0
83
84The flag defines maximum supported TLS version as TLS v1.0.
85(Added in 7.54.0)
86
87## CURL_SSLVERSION_MAX_TLSv1_1
88
89The flag defines maximum supported TLS version as TLS v1.1.
90(Added in 7.54.0)
91
92## CURL_SSLVERSION_MAX_TLSv1_2
93
94The flag defines maximum supported TLS version as TLS v1.2.
95(Added in 7.54.0)
96
97## CURL_SSLVERSION_MAX_TLSv1_3
98
99The flag defines maximum supported TLS version as TLS v1.3.
100(Added in 7.54.0)
101
102In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were
103documented to allow *only* the specified TLS version, but behavior was
104inconsistent depending on the TLS library.
105
106# DEFAULT
107
108CURL_SSLVERSION_DEFAULT
109
110# PROTOCOLS
111
112All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
113
114# EXAMPLE
115
116~~~c
117int main(void)
118{
119  CURL *curl = curl_easy_init();
120  if(curl) {
121    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
122
123    /* ask libcurl to use TLS version 1.0 or later */
124    curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1);
125
126    /* Perform the request */
127    curl_easy_perform(curl);
128  }
129}
130~~~
131
132# AVAILABILITY
133
134SSLv2 and SSLv3 are refused completely since curl 7.77.0
135
136SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may
137vary depending on which backend libcurl has been built to use.
138
139SSLv3 is disabled by default since 7.39.0.
140
141# RETURN VALUE
142
143Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
144