Commit 6448f98c authored by Jozef Kralik, committed by Kamil Dudka

vtls: add options to specify range of enabled TLS versions

This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
parent b6669073
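--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -0,0 +1,24 @@
+Long: tls-max
+Arg: <VERSION>
+Tags: Versions
+Protocols: SSL
+Added: 7.54.0
+Requires: TLS
+See-also: tlsv1.0 tlsv1.1 tlsv1.2
+Help: Use TLSv1.0 or greater
+---
+VERSION defines maximum supported TLS version. A minimum is defined
+by arguments tlsv1.0 or tlsv1.1 or tlsv1.2.
+
+.RS
+.IP "default"
+Use up to recommended TLS version.
+.IP "1.0"
+Use up to TLSv1.0.
+.IP "1.1"
+Use up to TLSv1.1.
+.IP "1.2"
+Use up to TLSv1.2.
+.IP "1.3"
+Use up to TLSv1.3.
+.RE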
+19 −1
@@ -46,6 +46,23 @@ TLSv1.1
TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines maximum supported TLS version as TLSv1.2 or default
value from SSL library. Only library NSS currently allows to get
maximum supported TLS version.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_1
The flag defines maximum supported TLS version as TLSv1.1.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_2
The flag defines maximum supported TLS version as TLSv1.2.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_3
The flag defines maximum supported TLS version as TLSv1.3.
(Added in 7.54.0)
.RE
.SH DEFAULT
CURL_SSLVERSION_DEFAULT
@@ -58,7 +75,8 @@ if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

  /* ask libcurl to use TLS version 1.0 or later */
  curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1);
  curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
                   CURL_SSLVERSION_MAX_DEFAULT);

  /* Perform the request */
  curl_easy_perform(curl);
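Review bot: The example comment in this hunk still reads "ask libcurl to use TLS version 1.0 or later" while the new `curl_easy_setopt` line below it requests `CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT`; if that comment is unchanged context, as the hunk counts suggest, it now misstates the minimum and should become `/* ask libcurl to use TLS version 1.1 or later */`, matching the CURLOPT_SSLVERSION example in this same commit. The MAX_DEFAULT entry earlier in the file ("TLSv1.2 or default value from SSL library") leaves the reader unsure which of the two applies; stating explicitly when the backend's own maximum is used and when TLSv1.2 is, if that is the intended semantics, would remove the ambiguity for anyone relying on it as a security bound.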
+20 −2
@@ -50,6 +50,23 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0)
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines maximum supported TLS version as TLSv1.2 or default
value from SSL library. Only library NSS currently allows to get
maximum supported TLS version.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_1
The flag defines maximum supported TLS version as TLSv1.1.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_2
The flag defines maximum supported TLS version as TLSv1.2.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_3
The flag defines maximum supported TLS version as TLSv1.3.
(Added in 7.54.0)
.RE
.SH DEFAULT
CURL_SSLVERSION_DEFAULT
@@ -61,8 +78,9 @@ CURL *curl = curl_easy_init();
if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

  /* ask libcurl to use TLS version 1.0 or later */
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
  /* ask libcurl to use TLS version 1.1 or later */
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1.1 |
                   CURL_SSLVERSION_MAX_DEFAULT);

  /* Perform the request */
  curl_easy_perform(curl);
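Review bot: `CURL_SSLVERSION_TLSv1.1` on the new setopt line is not a valid identifier; the enum constant is `CURL_SSLVERSION_TLSv1_1`, as the CURLOPT_PROXY_SSLVERSION example in this same commit uses, so the sample will not compile when copied. Change the line to `curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |`. Separately, `CURL_SSLVERSION_MAX_NONE` is added to the public header and to the symbols list in this commit, but the earlier hunk in this file documents only MAX_DEFAULT through MAX_TLSv1_3; a short `.IP CURL_SSLVERSION_MAX_NONE` entry describing what it means for the maximum would complete the option's documentation.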
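--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -798,6 +798,12 @@ CURL_SSLVERSION_TLSv1_0 7.34.0
 CURL_SSLVERSION_TLSv1_1         7.34.0
 CURL_SSLVERSION_TLSv1_2         7.34.0
 CURL_SSLVERSION_TLSv1_3         7.52.0
+CURL_SSLVERSION_MAX_NONE        7.54.0
+CURL_SSLVERSION_MAX_DEFAULT     7.54.0
+CURL_SSLVERSION_MAX_TLSv1_0     7.54.0
+CURL_SSLVERSION_MAX_TLSv1_1     7.54.0
+CURL_SSLVERSION_MAX_TLSv1_2     7.54.0
+CURL_SSLVERSION_MAX_TLSv1_3     7.54.0
 CURL_TIMECOND_IFMODSINCE        7.9.7
 CURL_TIMECOND_IFUNMODSINCE      7.9.7
 CURL_TIMECOND_LASTMOD           7.9.7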
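--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1884,6 +1884,18 @@ enum {
   CURL_SSLVERSION_LAST /* never use, keep last */
 };
 
+enum {
+  CURL_SSLVERSION_MAX_NONE =     0,
+  CURL_SSLVERSION_MAX_DEFAULT =  (CURL_SSLVERSION_TLSv1   << 16),
+  CURL_SSLVERSION_MAX_TLSv1_0 =  (CURL_SSLVERSION_TLSv1_0 << 16),
+  CURL_SSLVERSION_MAX_TLSv1_1 =  (CURL_SSLVERSION_TLSv1_1 << 16),
+  CURL_SSLVERSION_MAX_TLSv1_2 =  (CURL_SSLVERSION_TLSv1_2 << 16),
+  CURL_SSLVERSION_MAX_TLSv1_3 =  (CURL_SSLVERSION_TLSv1_3 << 16),
+
+  /* never use, keep last */
+  CURL_SSLVERSION_MAX_LAST =     (CURL_SSLVERSION_LAST    << 16)
+};
+
 enum CURL_TLSAUTH {
   CURL_TLSAUTH_NONE,
   CURL_TLSAUTH_SRP,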
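Review bot: The new `CURL_SSLVERSION_MAX_*` enum carries no comment explaining its relation to the `CURL_SSLVERSION_*` values it is built from: each constant is the corresponding minimum-version constant shifted left by 16 bits, so a caller OR-s one value from each enum (as the man page examples in this commit do) and the low 16 bits keep the minimum. Without that, a reader cannot tell that `CURL_SSLVERSION_MAX_DEFAULT` being `CURL_SSLVERSION_TLSv1 << 16` rather than `CURL_SSLVERSION_TLSv1_0 << 16` is deliberate, or why `CURL_SSLVERSION_MAX_NONE` is 0. I would put above the enum: `/* Maximum TLS version, OR-ed together with one of the CURL_SSLVERSION_* minimum values above when passed to CURLOPT_SSLVERSION or CURLOPT_PROXY_SSLVERSION; the upper 16 bits hold the maximum, the lower 16 bits the minimum. MAX_NONE (0) presumably means no maximum was requested. */`. The option handling that must reject a maximum below the minimum (for example `CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_0`) and any stray bits outside these two fields is not on this page, so I cannot confirm it exists; it is worth checking, since an unvalidated combination could end up negotiating a protocol version the caller did not intend to allow.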