> On 10. Jul 2025, at 23:23, Daniel Stenberg via curl-library > <curl-library@lists.haxx.se> wrote: > > Right, > > For all reasons, see RFC 8996 => https://datatracker.ietf.org/doc/html/rfc8996 > 2. We give everyone six more months to adapt, protest or similar and then in > March 2026 we make libcurl return error if asked to use anything lower than > 1.2
There may be plenty of old code around, that explicitly puts in CURL_SSLVERSION_TLSv1_0 or CURL_SSLVERSION_TLSv1_1. From a time where we had SSL v3 as default and we wanted to get better TLS 1.0 or 1.1. I would suggest to allow it, output a warning in the debug log "TLS 1.0 no longer available, using TLS 1.3 instead." and switch to TLS 1.3. If some old code requests CURL_SSLVERSION_TLSv1_0 or CURL_SSLVERSION_TLSv1_1, you handle it like CURL_SSLVERSION_TLSv1 and use 1.3 with 1.2 as fallback. Greetings Christian — See you at the EngageU conference 9th to 11th November 2025 in Antwerpen, Belgium https://engageu.eu/ -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
