SSL/TLS Protocol Version Negotiation

The TLS protocol is such that the client tells the server the highest version it supports, such as TLS 1.3, and then the server chooses the version it desires.

For example, if the client says "I can support anything up to and include TLS 1.3", then the server might say: "OK, I'm choosing TLS 1.2".

In general, you should just let the server choose and use what it chooses (don't try to explicitly set a specific TLS protocol).

Chilkat has the option where you can be more specific about the TLS protocol. For example, the Socket.SslProtocol property can be set to the following strings:

    default
    TLS 1.3
    TLS 1.2
    TLS 1.1
    TLS 1.0
    SSL 3.0
    TLS 1.3 or higher
    TLS 1.2 or higher
    TLS 1.1 or higher
    TLS 1.0 or higher

This provides a way for the client (Chilkat) to abandon the connection if the server chooses a TLS version that is not desired.

For example, let's say your app sets SslProtocol = "TLS 1.2 or higher". In the TLS connection handshake, Chilkat sends the TLS ClientHello saying "I can do anything up to TLS 1.3", and then the server sends the TLS ServerHello saying "OK, let's do TLS 1.0". Chilkat will then fail the connection because the server chose a version lower than 1.2.