we want to force in our software that connecting to a host that does not offer TLSv1.2 fails.
I thought this could be done by using CURLOPT_SSLVERSION but alas this seems not to be supported with polarssl. As polarssl offers API to set the minimal SSL Versions I've written the small attached patch to set the minimum SSL version after the SSL Init.
In case the server does not offer the requested setting you will get:
ssl_handshake returned - PolarSSL: (-0x6E80) SSL - Handshake protocol not within min/max boundaries