Topic: Can SSLv23_client_method ever allow SSLv2?
Background:
Hello, I am working on an option for libcurl called CURL_SSLVERSION_SSLv3_OR_LATER. The option will allow legacy behavior to mimic the way CURL_SSLVERSION_DEFAULT used to work, before SSLv3 was disabled by default due to POODLE. In other words, the option will attempt to enable the SSLv3 protocol in the respective SSL library if possible. The idea is to give some of the old compatibility.
To implement the option in the code that interfaces with wolfSSL, I set the request method via SSLv23_client_method and then, later in the code, if wolfSSL >= 3.3.0, I set the minimum protocol version to the least of SSLv3, TLSv1.0, TLSv1.1, TLSv1.2.
Questions:
If wolfSSL < 3.3.0 I figured that SSLv23_client_method would always give a minimum of SSLv3 without any other calls, and that's how I implemented it. One of the other developers has pointed out that "this patch seems to enable SSLv2 for the wolfSSL back-end when the new option is used." Is that possible in some version <3.3.0? The documentation I read (3.2.0) says SSL3 - TLS 1.2 but I don't know if for some earlier version you allowed SSLv2.
I would like to know how in versions <3.3.0 I can ensure a minimum version of SSLv3, or as close to it as possible. For example if SSLv3 was disabled in wolfSSL at compile time and truly the plumbing isn't there, then I would use TLSv1.0, and if that's disabled then TLSv1.1, and so on.
Also, is there any way at runtime to get the version of the wolfSSL library? I did check the documentation but I don't see it. I'm thinking about shared libraries and the possibility that libcurl is compiled with one version of wolfSSL but then at runtime some other wolfSSL is loaded (by mistake, an upgrade, etc.).
Thanks