
How to force PHP curl to use TLS 1.2 instead of TLS 1.3?


I can't force curl to use TLS 1.2. Whatever I tried, it only uses TLS 1.3.

Here is my source code:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);


curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
//also tried *6* => same response.
//also tried *5* => same response.
//also tried *4* => same response.
//also tried *3* => same response.
//also tried *2* => same response.
//also tried *1* => same response.
//also tried *0* => same response.

//also tried *CURL_SSLVERSION_MAX_TLSv1_2* => Undefined constant "CURL_SSLVERSION_MAX_TLSv1_2" error.


$response = curl_exec($ch);
curl_close($ch);
$tlsVer = json_decode($response, true);
echo "<h1>Your TSL version is: <u>" . ($tlsVer['tls_version'] ?: 'no TLS support') . "</u></h1>";

Response is always:

<h1>Your TSL version is: <u>TLS 1.3</u></h1>

Versions from phpinfo() are below:

  • Curl version: 7.87.0

  • OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017

  • PHP version: 8.2.2

Edit: My server previously had curl 7.29.0, I updated to 7.87.0.

Edit2: More details from phpinfo();

openssl

  • OpenSSL support: enabled
  • OpenSSL Library Version: OpenSSL 1.0.2k-fips 26 Jan 2017
  • OpenSSL Header Version: OpenSSL 1.0.2k 26 Jan 2017
  • Openssl default config: /etc/pki/tls/openssl.cnf

curl

  • cURL support: enabled
  • cURL Information: 7.87.0
  • Age: 10
  • Features
  • AsynchDNS: Yes
  • CharConv: No
  • Debug: No
  • GSS-Negotiate: No
  • IDN: No
  • IPv6: Yes
  • krb4: No
  • Largefile: Yes
  • libz: Yes
  • NTLM: Yes
  • NTLMWB: Yes
  • SPNEGO: Yes
  • SSL: Yes
  • SSPI: No
  • TLS-SRP: No
  • Protocols: dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
  • Host: x86_64-redhat-linux-gnu
  • SSL Version: NSS/3.79
  • ZLib Version: 1.2.7
  • libSSH Version: libssh2/1.10.0

Solution

  • The documentation on the CURL website is somewhat clear:

    CURLOPT_SSLVERSION - preferred TLS/SSL version

    [...]

    CURL_SSLVERSION_TLSv1_2
    TLS v1.2 or later (Added in 7.34.0)

    Note that it says or later but you want to enforce a maximum:

    The maximum TLS version can be set by using one of the CURL_SSLVERSION_MAX_ macros below.

    CURL_SSLVERSION_MAX_TLSv1_2
    The flag defines maximum supported TLS version as TLS v1.2. (Added in 7.54.0)

    The constants should be available in your combination of PHP + curl. If not, you can look them up here. CURL_SSLVERSION_MAX_TLSv1_2 would be 0b110_00000000_00000000.
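
Following the answer's pointer to the CURL_SSLVERSION_MAX_ macros, this added example (not code from the question or the answer) ORs the minimum and maximum constants so TLS 1.2 is the only version offered, then checks what the server reports. The helper names are hypothetical, and the fallback define assumes the numeric value given in the answer.

```php
<?php
// Added example, not the poster's code; helper names are hypothetical.

// PHP only registers this constant when ext/curl was compiled against
// libcurl 7.54.0 or newer headers. Fallback value as given in the answer:
// CURL_SSLVERSION_TLSv1_2 (6) shifted left by 16 bits.
if (!defined('CURL_SSLVERSION_MAX_TLSv1_2')) {
    define('CURL_SSLVERSION_MAX_TLSv1_2', 6 << 16);
}

// Minimum 1.2 OR-ed with maximum 1.2 leaves TLS 1.2 as the only version.
function tls12_only_option(): int
{
    return CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2;
}

// Pull the version string out of a howsmyssl.com JSON body, null if absent.
function negotiated_tls_version(string $json): ?string
{
    $data = json_decode($json, true);
    return is_array($data) && isset($data['tls_version'])
        ? (string) $data['tls_version'] : null;
}

// Request the check URL from the question and fail loudly if the cap
// was not applied, instead of silently continuing on TLS 1.3.
function check_tls12(string $url = 'https://www.howsmyssl.com/a/check'): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSLVERSION     => tls12_only_option(),
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    $version = negotiated_tls_version($body);
    if ($version !== 'TLS 1.2') {
        throw new RuntimeException('Got ' . var_export($version, true));
    }
    return $version;
}

// Offline check with a constructed response body (no network needed).
printf("CURLOPT_SSLVERSION value: %d\n", tls12_only_option());
var_dump(negotiated_tls_version('{"tls_version": "TLS 1.2"}'));
```

Calling check_tls12() performs the live request and throws if the server reports anything other than TLS 1.2.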