Alex

Reputation: 2531

cURL displays SSLv3 instead of TLSv1

Why does cURL 7.19 display SSLv3 during the handshake if SSL is disabled by the curl_easy_setopt function?

curl_easy_setopt(m_curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

cURL output:

CURL Info: SSLv3, TLS handshake, Client hello (1):
CURL Info: SSLv3, TLS handshake, Server hello (2):
CURL Info: SSLv3, TLS handshake, CERT (11):
CURL Info: SSLv3, TLS handshake, Server finished (14):
CURL Info: SSLv3, TLS handshake, Client key exchange (16):
CURL Info: SSLv3, TLS change cipher, Client hello (1):
CURL Info: SSLv3, TLS handshake, Finished (20):
CURL Info: SSLv3, TLS handshake, Unknown (4):
CURL Info: SSLv3, TLS change cipher, Client hello (1):
CURL Info: SSLv3, TLS handshake, Finished (20):
CURL Info: SSL connection using DES-CBC3-SHA

Is it OK that cURL displays "SSLv3"?

Upvotes: 0

Views: 2397

Answers (1)

Bruno

Reputation: 122649

I'll quote my own answer (to a different question):

Curl's debug code (-v) only displays the major version number (mainly to distinguish between SSLv2 and SSLv3+ types of messages, see ssl_tls_trace), so it will still display "SSLv3" when you use TLS 1.0 or above (because they're effectively SSL v3.1 or above, 3 is the same major version number).

If you want to make sure you're using the right version, you should probably check the return value from setopt.

In addition, you could use the trace option to look at the handshake in detail:

== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03

The 5th byte will be the major revision number (03 here), the 6th will be the minor revision number.

  • (03, 00) is SSLv3
  • (03, 01) is TLSv1.0
  • (03, 02) is TLSv1.1
  • (03, 03) is TLSv1.2

Upvotes: 2
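
Decoding the version bytes from a trace line as the answer above describes, as an added example (not code from the answer or from curl). The function names are hypothetical, and it assumes the input is the first hex line of a Client hello or Server hello message as printed by the trace option.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode up to cap bytes of one trace hex line; returns the count decoded. */
static size_t parse_trace_line(const char *line, unsigned char *out, size_t cap)
{
    const char *p = strchr(line, ':');          /* skip the offset column */
    size_t n = 0;
    if (!p) return 0;
    for (p++; n < cap; p += 2) {
        char hex[3] = {0};
        while (*p == ' ') p++;
        if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1])) break;
        hex[0] = p[0]; hex[1] = p[1];
        out[n++] = (unsigned char)strtoul(hex, NULL, 16);
    }
    return n;
}

/* Handshake header: type (1 byte), length (3 bytes), then major, minor. */
const char *hello_version(const unsigned char *msg, size_t len)
{
    if (len < 6) return "truncated";
    if (msg[0] != 1 && msg[0] != 2) return "not a hello"; /* 1 Client, 2 Server */
    if (msg[4] != 3) return "unknown";
    switch (msg[5]) {
    case 0:  return "SSLv3";
    case 1:  return "TLSv1.0";
    case 2:  return "TLSv1.1";
    case 3:  return "TLSv1.2";   /* TLS 1.3 hellos also carry 03 03 here */
    default: return "unknown";
    }
}

/* Only the first six bytes are read, so a trailing ASCII column is ignored. */
const char *version_from_trace_line(const char *line)
{
    unsigned char b[6];
    return hello_version(b, parse_trace_line(line, b, sizeof b));
}

int main(void)
{
    /* First line is the one quoted in the answer; the second is constructed. */
    puts(version_from_trace_line("0000: 01 00 01 fc 03 03"));
    puts(version_from_trace_line("0000: 02 00 00 46 03 01"));
    return 0;
}
```

The Client hello value is the highest version the client offers, while the Server hello line carries the version the server selected; for TLS 1.3 that field stays at 03 03 and the selected version is in the supported_versions extension.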
