Force Specific TLS Version When Downloading on Ubuntu
This guide explains how to download files on Ubuntu while enforcing a specific TLS version. You will learn how to use command-line tools like curl and wget to specify TLS 1.2 or 1.3. This is useful for connecting to legacy servers or troubleshooting secure connection errors.
Using Curl to Set TLS Version
Curl is the most common tool for transferring data with URLs. It supports various flags to control the TLS protocol version directly from the command line.
To force TLS 1.2, use the --tlsv1.2 flag:
curl --tlsv1.2 -O https://example.com/file.zipTo force TLS 1.3, use the --tlsv1.3 flag:
curl --tlsv1.3 -O https://example.com/file.zipIf you need to set a maximum allowed version, use the
--tls-max option:
curl --tls-max 1.2 -O https://example.com/file.zipUsing Wget to Set TLS Version
Wget is another standard utility available on Ubuntu. It uses the
--secure-protocol option to define the specific TLS version
for the connection.
To download a file using TLS 1.2:
wget --secure-protocol=TLSv1_2 https://example.com/file.zipFor TLS 1.3, use the following command:
wget --secure-protocol=TLSv1_3 https://example.com/file.zipVerifying the Connection
You can verify which TLS version was negotiated by enabling verbose
output. For curl, add the -v flag. For wget, add the
--debug flag. Look for the handshake details in the
terminal output to confirm the protocol version matches your
request.
Installing Required Tools
If these tools are not installed on your Ubuntu system, you can install them via the package manager. Run the following command to update your repository and install both utilities:
sudo apt update
sudo apt install curl wget