On Mon, 3 May 2021, Randall S. Becker wrote:
> What if http.sslVersion=v1[,v2]... were supported, so there would be an enumeration of allowed versions.
That doesn't map very well to the options libcurl provides.
> The benefit of an enumeration is that you could force something like 3.0-fips if your environment requires a FIPS-certified version for communication. Admittedly this is a different use case than discussed above.
Yes, and as "3.0-fips" is not a TLS version at all I think it would complicate matters in a wrong direction.
You can build libcurl to use a FIPS compatible crypto library today, but if you do then you still select TLS version using the same options like before.
-- / daniel.haxx.se