Bug ID 633465: Curl cannot be forced to use TLSv1.0 or TLSv1.1

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.3, 11.6.2, 11.6.1, 11.6.1, 11.5.6, 11.5.5, 11.5.4, 11.5.4, 11.5.4

Fixed In:
11.6.3.3, 11.5.7

Opened: Dec 14, 2016
Severity: 3-Major
Related AskF5 Article:
K09748643

Symptoms

Curl fails when connecting to server that does not accept TLSv1.1 or TLSv1.2 handshakes. This occurs even if the "--tlsv1.0" or "--tlsv1.1" options to the curl command are used.

Impact

Curl will fail.

Conditions

Curl is used to attempt to connect to a server that does not understand TLSv1.1 and/or TLSv1.2 handshakes. This occurs when using software v11.5.4 HF2 through 11.5.6 or v11.6.1 HF1 through 11.6.3.

Workaround

Use "curl-apd" rather than "curl". curl-apd does not currently implement TLSv1.1 or TLSv1.2.

Fix Information

Curl now honors the tlsv version flag, so the system correctly uses TLSv1.0, TLSv1.1, or TLSv1.2, as specified.

Behavior Change