diff options
author | Daniel Stenberg <daniel@haxx.se> | 2022-01-19 11:42:27 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-01-19 23:30:07 +0100 |
commit | cdb495f743d9154294686b4faf7075ff6b4f1b5a (patch) | |
tree | c58b937e4fd4b3027c8050f98f6fc9638319d28c | |
parent | fde0925214c41300b50c8136d35031615ecaa6bb (diff) | |
download | curl-cdb495f743d9154294686b4faf7075ff6b4f1b5a.tar.gz |
docs: document HTTP/2 not insisting on TLS 1.2
Both for --http2 and CURLOPT_HTTP_VERSION.
Reported-by: jhoyla on github
Fixes #8235
Closes #8300
-rw-r--r-- | docs/cmdline-opts/http2.d | 4 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 | 6 |
2 files changed, 9 insertions, 1 deletions
diff --git a/docs/cmdline-opts/http2.d b/docs/cmdline-opts/http2.d index 168b54b2e..f06057508 100644 --- a/docs/cmdline-opts/http2.d +++ b/docs/cmdline-opts/http2.d @@ -17,3 +17,7 @@ handshake. curl does this by default. For HTTP, this means curl will attempt to upgrade the request to HTTP/2 using the Upgrade: request header. + +When curl uses HTTP/2 over HTTPS, it does not itself insist on TLS 1.2 or +higher even though that is required by the specification. A user can add this +version requirement with --tlsv1.2. diff --git a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 index cb7c61ea1..bc9e00a36 100644 --- a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 +++ b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -48,6 +48,10 @@ Enforce HTTP 1.1 requests. Attempt HTTP 2 requests. libcurl will fall back to HTTP 1.1 if HTTP 2 cannot be negotiated with the server. (Added in 7.33.0) +When libcurl uses HTTP/2 over HTTPS, it does not itself insist on TLS 1.2 or +higher even though that is required by the specification. A user can add this +version requirement with \fICURLOPT_SSLVERSION(3)\fP. + The alias \fICURL_HTTP_VERSION_2\fP was added in 7.43.0 to better reflect the actual protocol name. .IP CURL_HTTP_VERSION_2TLS |