Specifying minor TLS version when using curl
Curl has options to control the TLS version used. At the date of the last revision to this answer, if you want to specify that TLS 1.2 is used but not 1.1 or 1.3 etc, you need something like
curl --tlsv1.2 --tls-max 1.2 ...
There have been several relevant changes in Curl since the original question was asked.
Version 7.54.0
Since version 7.54.0 the behaviour has changed, see nelsonda's answer.
Options like --tlsv1.2
now specify a minimum version that is to be used, they no longer specify the exact version to be used.
To specify an exact version to be used you likely have to also specify a value for --tls-max
curl --tlsv1.2 --tls-max 1.2 ...
Version 7.52.0
Version 7.52.0 introduced --tlsv1.3
in addition to the other options listed below.
Version 7.34.0
Since version 7.34.0, Curl has options --tlsv1.0
, --tlsv1.1
and --tlsv1.2
for this purpose.
The manpage said
-1, --tlsv1
(SSL) Forces curl to use TLS version 1.x when negotiating with a remote TLS server. You can use options --tlsv1.0, --tlsv1.1, and --tlsv1.2 to control the TLS version more precisely (if the SSL backend in use supports such a level of control).
...
--tlsv1.2
(SSL) Forces curl to use TLS version 1.2 when negotiating with a remote TLS server. (Added in 7.34.0)
Curl's behavior has changed!
For versions prior to 7.54.0, RedGrittyBrick's answer remains correct. For version of curl after 7.54.0 the options --tlsv1.0
, --tlsv1.1
and --tlsv1.2
set the minimum version of TLS that curl will use. To specify the maximum use --tls-max <VERSION>
.
From the manpage:
--tls-max
(SSL) VERSION defines maximum supported TLS version. The minimum acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or tlsv1.3.
Additionally to --tlsvX.Y
/--sslvZ
, which put a hard limit to what protocols curl would choose, you may use --tls-max x.y
to softly control protocol negotiation.