vtls: Fail on unrecognized param for CURLOPT_SSLVERSION

    req_method = TLSv1_2_client_method();

    use_sni(TRUE);

    break;

  case CURL_SSLVERSION_TLSv1_3:

    failf(data, "CyaSSL: TLS 1.3 is not yet supported");

    return CURLE_SSL_CONNECT_ERROR;

  case CURL_SSLVERSION_SSLv3:

#ifdef WOLFSSL_ALLOW_SSLV3

    req_method = SSLv3_client_method();

    use_sni(FALSE);

#else

    failf(data, "No support for SSLv3");

    failf(data, "CyaSSL does not support SSLv3");

    return CURLE_NOT_BUILT_IN;

#endif

    break;

#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS

  if(SSLSetProtocolVersionMax != NULL) {

    switch(data->set.ssl.version) {

      default:

      case CURL_SSLVERSION_DEFAULT:

      case CURL_SSLVERSION_TLSv1:

        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);

        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);

        break;

      case CURL_SSLVERSION_TLSv1_3:

        failf(data, "TLSv1.3 is not yet supported with this TLS backend");

        failf(data, "DarwinSSL: TLS 1.3 is not yet supported");

        return CURLE_SSL_CONNECT_ERROR;

      case CURL_SSLVERSION_SSLv3:

        err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);

          return CURLE_SSL_CONNECT_ERROR;

        }

        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);

        break;

      default:

        failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

        return CURLE_SSL_CONNECT_ERROR;

    }

  }

  else {

                                       kSSLProtocolAll,

                                       false);

    switch (data->set.ssl.version) {

      default:

      case CURL_SSLVERSION_DEFAULT:

      case CURL_SSLVERSION_TLSv1:

        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,

                                           true);

        break;

      case CURL_SSLVERSION_TLSv1_3:

        failf(data, "TLSv1.3 is not yet supported with this TLS backend");

        failf(data, "DarwinSSL: TLS 1.3 is not yet supported");

        return CURLE_SSL_CONNECT_ERROR;

      case CURL_SSLVERSION_SSLv3:

        err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,

          return CURLE_SSL_CONNECT_ERROR;

        }

        break;

      default:

        failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

        return CURLE_SSL_CONNECT_ERROR;

    }

#endif  /* CURL_SUPPORT_MAC_10_8 */

  }

#else

  (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);

  switch(data->set.ssl.version) {

    default:

    case CURL_SSLVERSION_DEFAULT:

    case CURL_SSLVERSION_TLSv1:

    case CURL_SSLVERSION_TLSv1_0:

        return CURLE_SSL_CONNECT_ERROR;

      }

      break;

    default:

      failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

      return CURLE_SSL_CONNECT_ERROR;

  }

#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */

    return result;

  /* Determine which SSL/TLS version should be enabled. */

  protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |

               CURL_GSKPROTO_TLSV12_MASK;

  sni = conn->host.name;

  switch (data->set.ssl.version) {

  case CURL_SSLVERSION_SSLv2:

    protoflags = CURL_GSKPROTO_SSLV3_MASK;

    sni = (char *) NULL;

    break;

  case CURL_SSLVERSION_DEFAULT:

  case CURL_SSLVERSION_TLSv1:

    protoflags = CURL_GSKPROTO_TLSV10_MASK |

                 CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;

    protoflags = CURL_GSKPROTO_TLSV12_MASK;

    break;

  case CURL_SSLVERSION_TLSv1_3:

    failf(data, "TLS 1.3 not yet supported");

    return CURLE_SSL_CIPHER;

    failf(data, "GSKit: TLS 1.3 is not yet supported");

    return CURLE_SSL_CONNECT_ERROR;

  default:

    failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

    return CURLE_SSL_CONNECT_ERROR;

  }

  /* Process SNI. Ignore if not supported (on OS400 < V7R1). */

  if(!gtls_inited)

    Curl_gtls_init();

  /* GnuTLS only supports SSLv3 and TLSv1 */

  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {

    failf(data, "GnuTLS does not support SSLv2");

    return CURLE_SSL_CONNECT_ERROR;

      break;

    case CURL_SSLVERSION_TLSv1_2:

      protocol_priority[0] = GNUTLS_TLS1_2;

      break;

    case CURL_SSLVERSION_TLSv1_3:

      failf(data, "GnuTLS does not support TLSv1.3");

      failf(data, "GnuTLS: TLS 1.3 is not yet supported");

      return CURLE_SSL_CONNECT_ERROR;

    break;

    case CURL_SSLVERSION_SSLv2:

    default:

      failf(data, "GnuTLS does not support SSLv2");

      return CURLE_SSL_CONNECT_ERROR;

      break;

    default:

      failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

      return CURLE_SSL_CONNECT_ERROR;

  }

  rc = gnutls_protocol_set_priority(session, protocol_priority);

  if(rc != GNUTLS_E_SUCCESS) {

                     "+VERS-TLS1.2:" GNUTLS_SRP;

      break;

    case CURL_SSLVERSION_TLSv1_3:

      failf(data, "GnuTLS does not support TLSv1.3");

      failf(data, "GnuTLS: TLS 1.3 is not yet supported");

      return CURLE_SSL_CONNECT_ERROR;

    case CURL_SSLVERSION_SSLv2:

    default:

      failf(data, "GnuTLS does not support SSLv2");

      return CURLE_SSL_CONNECT_ERROR;

      break;

    default:

      failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

      return CURLE_SSL_CONNECT_ERROR;

  }

  rc = gnutls_priority_set_direct(session, prioritylist, &err);

  if((rc == GNUTLS_E_INVALID_REQUEST) && err) {

                                 MBEDTLS_SSL_MINOR_VERSION_3);

    infof(data, "mbedTLS: Set SSL version to TLS 1.2\n");

    break;

  case CURL_SSLVERSION_TLSv1_3:

    failf(data, "mbedTLS: TLS 1.3 is not yet supported");

    return CURLE_SSL_CONNECT_ERROR;

  default:

    failf(data, "mbedTLS: Unsupported SSL protocol version");

    failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");

    return CURLE_SSL_CONNECT_ERROR;

  }