Enable TLS
curl supports the TLS version of many protocols. HTTP has HTTPS, FTP has FTPS, LDAP has LDAPS, POP3 has POP3S, IMAP has IMAPS and SMTP has SMTPS.
If the server side supports it, you can use the TLS version of these protocols with curl.
There are two general approaches to do TLS with protocols. One of them is to speak TLS already from the first connection handshake while the other is to upgrade the connection from plain-text to TLS using protocol specific instructions.
With curl, if you explicitly specify the TLS version of the protocol (the one that has a name that ends with an 'S' character) in the URL, curl tries to connect with TLS from start, while if you specify the non-TLS version in the URL you can usually upgrade the connection to TLS-based with the `--ssl` option.
The support table looks like this:
Clear | TLS version | --ssl |
---|---|---|
HTTP | HTTPS | no |
LDAP | LDAPS | no |
FTP | FTPS | yes |
POP3 | POP3S | yes |
IMAP | IMAPS | yes |
SMTP | SMTPS | yes |
The protocols that can do `--ssl` all favor that method. Using `--ssl` means that curl attempts to upgrade the connection to TLS but if that fails, it still continues with the transfer using the plain-text version of the protocol. To make the `--ssl` option require TLS to continue, there is instead the `--ssl-reqd` option which makes the transfer fail if curl cannot successfully negotiate TLS.
Require TLS security for your FTP transfer:
curl --ssl-reqd ftp://ftp.example.com/file.txt
Suggest TLS to be used for your FTP transfer:
curl --ssl ftp://ftp.example.com/file.txt
Connecting directly with TLS (to `HTTPS://`, `LDAPS://`, `FTPS://` etc) means that TLS is mandatory and curl returns an error if TLS is not negotiated.
Get a file over HTTPS:
curl https://www.example.com/
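The rules above can be turned into a check for scripts that call curl. The following is an added example, not code from curl or from this page's author: it classifies a curl command line as `mandatory`, `opportunistic` or `plaintext` according to the support table, so that transfers which can silently fall back to plain text are easy to find. The function names, the labels and the sample command lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: names and labels are hypothetical, not curl's own.
# tls_enforcement ARGS... prints how strongly a curl command line enforces TLS:
#   mandatory      TLS scheme in the URL, or --ssl-reqd on an upgradable protocol
#   opportunistic  --ssl only: curl continues in plain text if the upgrade fails
#   plaintext      clear-text scheme with no TLS option that applies to it
tls_enforcement() {
    opt=none scheme=
    for arg in "$@"; do
        case "$arg" in
            --ssl-reqd) opt=reqd ;;
            # Assumption: --ssl-reqd wins when both options are present.
            --ssl)      [ "$opt" = reqd ] || opt=ssl ;;
            *://*)      scheme=$(printf '%s' "${arg%%://*}" |
                                 tr '[:upper:]' '[:lower:]') ;;
        esac
    done
    case "$scheme" in
        https|ldaps|ftps|pop3s|imaps|smtps) echo mandatory ;;
        ftp|pop3|imap|smtp)                 # "yes" in the --ssl column
            case "$opt" in
                reqd) echo mandatory ;;
                ssl)  echo opportunistic ;;
                *)    echo plaintext ;;
            esac ;;
        http|ldap) echo plaintext ;;        # "no" in the --ssl column
        *)         echo unknown ;;
    esac
}

# audit_commands reads one curl command line per stdin line and prints every
# line that is not guaranteed to use TLS, prefixed with its classification.
audit_commands() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f        # split on whitespace, no globbing
        mode=$(tls_enforcement "$@")
        [ "$mode" = mandatory ] || printf '%s: %s\n' "$mode" "$line"
    done
}

# Constructed sample command lines for the demonstration.
audit_commands <<'EOF'
curl --ssl ftp://ftp.example.com/file.txt
curl --ssl-reqd ftp://ftp.example.com/file.txt
curl smtp://mail.example.com/
curl HTTPS://www.example.com/
EOF
```

Lines reported as `opportunistic` are the ones to change from `--ssl` to `--ssl-reqd` when the transfer must not continue without TLS.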