Specifying minor TLS version when using curl

curl tls

Is there a way to specify curl to use a specific TLS version? Like 1.1 or 1.2? I can see only sslv3 and tlsv1 options in command help. I took latest src and compiled it with openssl 1.0.1e. Still dont see a direct option in help. Is there any other way to set it?


Curl has options to control the TLS version used. At the date of the last revision to this answer, if you want to specify that TLS 1.2 is used but not 1.1 or 1.3 etc, you need something like

curl --tlsv1.2 --tls-max 1.2 ...

There have been several relevant changes in Curl since the original question was asked.

Version 7.54.0

Since version 7.54.0 the behaviour has changed, see nelsonda's answer.

Options like --tlsv1.2 now specify a minimum version that is to be used, they no longer specify the exact version to be used.

To specify an exact version to be used you likely have to also specify a value for --tls-max

curl --tlsv1.2 --tls-max 1.2 ...

Version 7.52.0

Version 7.52.0 introduced --tlsv1.3 in addition to the other options listed below.

Version 7.34.0

Since version 7.34.0, Curl has options --tlsv1.0, --tlsv1.1 and --tlsv1.2 for this purpose.

The manpage said

-1, --tlsv1

(SSL) Forces curl to use TLS version 1.x when negotiating with a remote TLS server. You can use options --tlsv1.0, --tlsv1.1, and --tlsv1.2 to control the TLS version more precisely (if the SSL backend in use supports such a level of control).

...

--tlsv1.2

(SSL) Forces curl to use TLS version 1.2 when negotiating with a remote TLS server. (Added in 7.34.0)


Curl's behavior has changed!

For versions prior to 7.54.0, RedGrittyBrick's answer remains correct. For version of curl after 7.54.0 the options --tlsv1.0, --tlsv1.1 and --tlsv1.2 set the minimum version of TLS that curl will use. To specify the maximum use --tls-max <VERSION>.

From the manpage:

--tls-max

(SSL) VERSION defines maximum supported TLS version. The minimum acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or tlsv1.3.


Additionally to --tlsvX.Y/--sslvZ, which put a hard limit to what protocols curl would choose, you may use --tls-max x.y to softly control protocol negotiation.

Related

How do I swap audio output of the left and right speakers?
SSH permission denied on correct password authentication
Chrome Extension for Switching Locale (Accept-Languages)
Sudo vs root; any actual differences?
Windows 10 auto-logout on <5 minutes of inactivity
Is there a NoScript alternative for Google Chrome?
How can I switch an application to a different playback device on Windows 10 [duplicate]
How to convert a duration into a number of hours in Google Spreadsheets? [closed]
Print screen with cursor in Windows 7
How can I determine what process a window belongs to?
What is the equivalent of the Linux command "sudo fdisk -l" in MacOS?
How to overwrite a branch in Git with master