On May 3, 2021 5:10 PM, Daniel Stenberg wrote:
>Subject: RE: http.sslVersion only specifies minimum TLS version, later versions
>are allowed
>
>On Mon, 3 May 2021, Randall S. Becker wrote:
>
>> What if http.sslVersion=v1[,v2]... were supported, so there would be
>> an enumeration of allowed versions.
>
>That doesn't map very well to the options libcurl provides.
>
>> The benefit of an enumeration is that you could force something like
>> 3.0-fips if your environment requires a FIPS-certified version for
>> communication. Admittedly this is a different use case than discussed above.
>
>Yes, and as "3.0-fips" is not a TLS version at all I think it would complicate
>matters in a wrong direction.
>
>You can build libcurl to use a FIPS compatible crypto library today, but if you
>do then you still select TLS version using the same options like before.

Sadly, curl_version_info_data.ssl_version does not provide this level of detail. Maybe it should, but I'm not about to go there.

Regards,
Randall
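
The mapping problem discussed in this exchange, as an added example that is not part of the original message and is not git or libcurl code: libcurl's `CURLOPT_SSLVERSION` takes a minimum version and, through the `CURL_SSLVERSION_MAX_*` flags, a maximum, so an enumerated list can only be honoured when it forms one contiguous range. The function name, error codes and 0..3 index mapping are assumptions made for illustration, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical mapper, not git or libcurl code. Indices 0..3 stand for
 * TLS 1.0..1.3; the names are values git documents for http.sslVersion. */
static const char *const tls_names[] = { "tlsv1.0", "tlsv1.1", "tlsv1.2", "tlsv1.3" };
#define N_TLS 4

enum { RANGE_OK = 0, ERR_UNKNOWN = -1, ERR_GAP = -2, ERR_EMPTY = -3 };

/* Turn "v1,v2,..." into the inclusive [min,max] pair a min/max API can take. */
int versions_to_range(const char *spec, int *min, int *max)
{
    unsigned mask = 0;
    const char *p = spec;

    while (*p) {
        size_t len = strcspn(p, ",");
        int i, found = -1;
        for (i = 0; i < N_TLS; i++)
            if (strlen(tls_names[i]) == len && !strncmp(p, tls_names[i], len))
                found = i;
        if (found < 0)
            return ERR_UNKNOWN;      /* e.g. "3.0-fips": not a TLS version */
        mask |= 1u << found;
        p += len;
        if (*p == ',')
            p++;
    }
    if (!mask)
        return ERR_EMPTY;

    for (*min = 0; !(mask & (1u << *min)); (*min)++) ;
    for (*max = N_TLS - 1; !(mask & (1u << *max)); (*max)--) ;
    for (int i = *min; i <= *max; i++)
        if (!(mask & (1u << i)))
            return ERR_GAP;          /* hole in the set: no single range fits */
    return RANGE_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "tlsv1.2", "tlsv1.2,tlsv1.3", "tlsv1.0,tlsv1.2", "3.0-fips" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++) {
        int lo = -1, hi = -1, rc = versions_to_range(samples[i], &lo, &hi);
        printf("%-18s rc=%d min=%d max=%d\n", samples[i], rc, lo, hi);
    }
    return 0;
}
```

A caller that gets `ERR_GAP` or `ERR_UNKNOWN` should refuse the configuration rather than fall back to a wider range, since silently widening would permit versions the list was meant to exclude.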